Microsoft patches as fraudsters target IE flaw
Category : Managed Services 22 Jan 2010 09:27 PM | Industry News
Microsoft released a patch for eight vulnerabilities in Internet Explorer on Thursday, fixing at least one previously undisclosed flaw in the company's Web browser currently being exploited by cybercriminals.
The security update, the second one for Microsoft so far this year, fixes six memory corruption vulnerabilities, another issue in handling URL validation and a flaw that would allow an attacker to bypass the cross-site scripting filter. Among the fixes is a patch for a flaw used by attackers operating from Chinese servers who infiltrated networks at Google, Adobe and other companies. While security firms have reported several more general attacks appearing on the Internet, Microsoft continued to describe the threats as "limited."
"Microsoft continues to see limited and targeted attacks against Internet Explorer 6 only," the company said in a statement announcing the fix. "However, Microsoft recommends customers deploy this security update as soon as possible to protect themselves against the known attacks."
Over the weekend, more general attacks using the vulnerability were detected by security firm Websense, which found a single page hosting the attack. A day later, the firm discovered two more pages hosting similar attacks, according to its Security Labs blog.
"We identified two more malicious URLs that are used in live attacks," the company stated. "According to reports from our friends at Ahnlab, the second URL was spread through the Instant Messenger network Misslee Messenger, a popular IM client in South Korea."
Attacks have also reportedly focused on Chinese users, who account for much of the population of Internet Explorer 6 users. While initial reports focused on a recently patched flaw in Adobe Acrobat and Reader as being the vector for the attacks, analysis of some of the malicious files confirmed that a zero-day flaw in Internet Explorer was used.
Security experts have recommended that users upgrade to the latest version of Internet Explorer, which has additional protection to make exploitation more difficult, especially on Windows Vista and Windows 7. More drastically, technical branches of the French and German governments have recommended that users move to a non-Microsoft browser. (Courtesy: SecurityFocus)