Microsoft warns of targeted attacks using new IE hole

Microsoft today warned of a hole in older versions of Internet Explorer that was used in limited targeted attacks in which e-mails were sent to people in organizations directing them to a Web site where exploit code could take over their computers.


The exploit code has been taken down from the Web site where it was hosted, Jerry Bryant, group manager for Response Communications at Microsoft, told CNET. He declined to identify what site it was or to say what companies or types of companies were targeted in the attacks.


The exploit code was written for Internet Explorer 6 and 7, but IE8 also is vulnerable, he said. IE9 beta is not vulnerable, nor is IE8 in the default installation with Data Execution Prevention enabled. Microsoft has released a security advisory that includes workarounds, such as enabling DEP, reading e-mails in plain text, and setting Internet and local intranet security zone settings to “high” to block ActiveX Controls and Active Scripting. A Fix-it tool that will ease the implementation of workarounds is expected later today, but Bryant said he did not have a timeline on a fix or security update.

Read more

Reg Cure


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: