The number of attacks exploiting a yet-to-be-patched vulnerability in Internet Explorer has increased dramatically over the past few days, indicating the exploit is no longer used just in targeted attacks against particular groups of people.
The vulnerability affects Internet Explorer 9 and 10 and was publicly revealed on Feb. 13 by researchers from security firm FireEye who found an exploit for the flaw being served from the Veterans of Foreign Wars (VFW) website. Researchers from security firm Websense later reported that the same vulnerability was being exploited from the compromised website of French aerospace association.gifAS (Groupement des Industries Francaises Aeronautiques et Spatiales).
Microsoft published a security advisory about the vulnerability, which is tracked as CVE-2014-0322, and released a "Fix It" tool as a temporary workaround. However, the company has not yet released a regular patch through the regular Windows update channel.
The attacks reported by FireEye and Websense are known as "watering hole attacks" because they involve compromising websites visited by particular groups of people that attackers wish to target -- in these particular cases U.S. military personnel and French defense contractors.
Full Article
IE zero-day exploit being used in widespread attacks
Userlevel 7
+54
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.