UPDATED 16:51 EDT / DECEMBER 31 2012

IE Users Targeted In New Zero-Day Exploit

Microsoft is working to resolve a zero-day vulnerability that enabled hackers to target Windows users, the company disclosed over the weekend. The flaw only affects users of IE 6, 7 and 8, and was apparently used to target individuals who visited the Council on Foreign Relations’ website, which harbored the malware.

AlienVault security pro Jaime Blasco says that the malicious code taps into memory that should have been properly freed by IE, and uses it as a beachhead to hijack the user’s PC. The malware also leverages Adobe Flash Player, but a second zero-day exploit has not yet been identified by experts.

AlienVault, said Blasco, had begun looking into the “watering hole” attacks stemming from the CFR website at the beginning of the week, and had alerted the Microsoft Security Response Center (MSRC) that it suspected IE harbored a zero-day vulnerability.

In a watering hole campaign, hackers identify their intended targets, even to the individual level, then scout out which websites they frequently visit. Attackers next compromise one or more of those sites, plant malware on them, and, like a lion waiting at a watering hole for unwary wildebeests, wait for unsuspecting users to surf there.

You can find a fuller explanation in this blog post by Microsoft’s Jonathan Ness and Cristian Craioveanu. The piece provides all the technical details as well as a library that serves as a temporary measure until Microsoft rolls out a more complete patch.

SiliconAngle analyst John Cassaretto believes cybersecurity needs to become a much bigger priority in 2013, especially for the public sector. He shared his views on some of the progress that the government has made in this field and offered his predictions for 2013 in one of his most recent appearances on our morning NewsDesk program. See Cassaretto’s full analysis here.

