Pulse

By GCN Staff

Blog archive

Microsoft issues fix for zero-day IE flaw

Microsoft’s monthly Patch Tuesday update includes a fix for a recently discovered zero-day vulnerability in Internet Explorer that the company said was being exploited. The flaw is present in all versions of Windows from XP through the most recent version, 8.1.

The security company FireEye said it had found exploits of the flaw carried out against IE 7, 8, 9 and 10, on PCs running XP or Windows 7, Computerworld reported. FireEye said the exploits were part of a watering hole campaign involving an infected website in the United States. The company didn’t identify the site but said it focused on domestic and international security policy.

Watering hole attacks are becoming popular among malicious actors as an alternative to attacks such as spear phishing. Like spear phishing, they’re highly targeted, but instead of sending someone a targeted email that will try to induce them to click on a link to an infected site, watering hole attacks pick sites their targets are likely to visit, infect the site and then lie in wait. When the target — either an individual or someone from a targeted group — visits the site, the user's computers can be compromised.

The exploit FireEye found was unusual because it was designed to erase itself when the PC is rebooted, Darien Kindlund, the company’s manager of threat intelligence, told Computerworld. Such an attack harder to detect because it leaves no trace after the restart, but it also means that the attackers must have operators on hand when a target, likely identified by its IP address, visits the site to take advantage.

Posted by Kevin McCaney on Nov 12, 2013 at 11:10 AM


Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected