Did You Know?



Reply
Community Leader
Jasper_The_Rasper
Posts: 1,093
Registered: ‎06-12-2013

New IE Zero-Day Used in Watering Hole Attack Targets Memory

[ Edited ]

Attackers are exploiting serious vulnerabilities in Internet Explorer in a watering hole attack, researchers from security firm FireEye warned. Users tricked into accessing the infected website are hit with malware that infects the computer's memory in a classic drive-by attack.

Attackers have embeded the malicious code which exploits at least two zero-day flaws in Internet Explorer into "a strategically important website, known to draw visitors that are likely interested in national and international security policy," FireEye said in its analysis last week. FireEye did not identify the site beyond the fact that it was based in the United States.

"The exploit leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution," FireEye researchers wrote. "It is one vulnerability being exploited in various different ways."

 

Full Topic

Community Leader

Please use plain text.
TripleHelix
Posts: 5,383
Topics: 401
Kudos: 3,268
Ideas: 5
Registered: ‎02-03-2012

Re: New IE Zero-Day Used in Watering Hole Attack Targets Memory

Microsoft reveals Internet Explorer 0-day flaw used in drive-by attacks will be patched on November 12

 

Thanks Jeff for the info and Microsoft will have a patch tomorrow to fix this vulnerability!

 

Microsoft today announced the latest Internet Explorer 0-day flaw (CVE-2013-3918 will be fixed on this month’s Patch Tuesday. The patch will thus be released on Tuesday (tomorrow) at approximately 10:00 AM PDT.

On November 8, Security firm FireEye discovered a new IE 0-day flaw was being exploited in the wild. The company followed up with more details on November 10.

 

Full Article

 

Daniel :smileywink:

 

 

coollogo_com-133794099.gif


asapvip.png   SigSVIP.png    Sr.Expert Advisor Jan 23 2014.png


Webroot® SecureAnywhere™ Internet Security Complete 2014 Beta Tester v8.0.4.70 on my main system Windows 7 Ultimate 64bit & on Win XP 32bit, Win Vista 32bit, Win 7 32bit, Win 8.1 Pro 32bit & 64bit all on VM's. 


MVP.gif.pngMicrosoft® MVP Consumer Security 2012/15


New to the Community? Register now and start posting!

Please use plain text.