Researchers crack Microsoft's Fix It for latest IE 0-day
Posted on 07 January 2013.
Microsoft announced on Friday that this month's Patch Tuesday will include seven advisories, but unfortunately there will be no patch for the recently detected IE zero-day used in targeted watering hole attacks.


The vulnerability, first spotted being misused to target visitors of the website of the Council on Foreign Relations, a think tank specializing in U.S. foreign policy and international affairs, has since been detected being used in attacks that compromised a number of other websites, including Chinese human rights sites and the site of Capstone Turbine Corp.

Symantec researchers have linked the attacks to the Elderwood gang - a group of hackers who are believed to be working for the Chinese government and who concentrate on gathering and stealing intelligence (trade secrets, contacts, infrastructure details, intelligence for future attacks) and intellectual property (designs and plans) from an ever-increasing number of companies mostly located in the United States.

Their predilection for zero-day vulnerabilities has been well documented, and their use of a function named HeapSpary (a mistype of Heap Spray), along with other similarities the researchers discovered between all these attacks, seems to validate that conclusion.

Still, the worst news comes from researchers from security firm Exodus Intelligence: the Fix It tool released by Microsoft that supposedly reduces the attack surface of the vulnerability is flawed.

"Usually, there are multiple paths one can take to trigger or exploit a vulnerability," Brandon Edwards, VP of Intelligence at Exodus, commented for ThreatPost. "The Fix It did not prevent all those paths."

They shared their working exploit with Microsoft, and have agreed not to publish it until the vulnerability is adequately patched. Still, that doesn't mean that the attackers haven't already figured it out for themselves.





