Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit


Pretty unusual for Microsoft, but they’ve rushed out a fast fix for a 0-day Internet Explorer vulnerability which allows remote code execution and malware dropping. It doesn’t affect the latest version of Internet Explorer (9) but it affects all the common previous versions (6, 7 & 8) – which still account for the majority of users.

It is definitely important though, so I can appreciate their urgency. The sad part is most people that will fall for the scam sites that push out such malware won’t know about this patch, so they will remain at risk.

It will help corporates a lot though, as those managing security for an entire organization are often mandated to use Internet Explorer and have to try and keep it secure.

Microsoft has pushed out a temporary fix to defend against a zero-day vulnerability that surfaced in attacks launched last week.

The security flaw (CVE-2012-4792) – which affects IE 6, 7 and 8 but not the latest versions of Microsoft’s web browser software – allows malware to be dropped onto Windows PCs running the vulnerable software, providing, of course, that users can be tricked into visiting booby-trapped websites.

Redmond has released a temporary Fix It (easy-to-apply workaround) pending the development of a more comprehensive patch.

The flaw was initially discovered by security tools firm FireEye on the Council on Foreign Relations website on 27 December.


The flaw was discovered right before the new year on December 27th, so Microsoft have managed to get this temporary fix out pretty fast. I’d imagine the full patch will be rolled into the next Windows Update Patch Tuesday.

I don’t expect anyone reading this is using Internet Explorer, so it wouldn’t affect us anyway – but seeing as you are probably at home over the holidays, do us all a favour and install Chrome or Firefox on your relatives’ computers.

The attack had been running for at least a week, and perhaps longer, before it was detected. Retrospective analysis by Sophos suggests the same exploit was used on at least five additional websites, suggesting assaults using the bug are far from limited.

“While the assaults appeared to be targeting a small number of sites, there is no obvious link between the victims,” noted Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. “Some are referring to this as a ‘watering hole’ attack, but the evidence we have doesn’t necessarily support that conclusion.”

Security watchers advise either applying Redmond’s workarounds, upgrading to IE 9 or using an alternative browser – at least until a proper patch becomes available. The next patch Tuesday is coming up on 8 January. This doesn’t give Microsoft much time but given the high-profile nature of the vulnerability it’s likely that Redmond will release a patch sooner rather than later.

It was exploited for a week at least before discovery, so that’d give a date of around December 20th when it was first seen in the wild. The next Patch Tuesday is coming in 5 days, so we might even see an emergency out-of-band patch for this so it gets pushed out via Windows Update to the masses.

You can check out the Fix It here:

Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution

Source: The Register


3 Responses to Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit

  1. altonius January 3, 2013 at 7:58 pm #

    MS’s advance security advisory notification for January has now been released and there’s nothing in there for IE6,7 and 8… They still could add it in at a later date.

  2. anon January 14, 2013 at 6:40 pm #

    As always, great reporting. Quick comment –> it’s affect, not effect.

    • Darknet January 21, 2013 at 8:45 am #

      Haha thanks, and yah…..that one always gets me.