Emergency IE Patch today

Microsoft has announced that today (Thursday 21st January) at approximately 6pm UK time, it will release an emergency out-of-band patch to fix the Internet Explorer zero-day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies.
The vulnerability affects Internet Explorer 6, 7 and 8, which make up the bulk of the versions used today. However, the only in-the-wild exploit code for this vulnerability detected thus far is confirmed to affect just Internet Explorer 6.
Based on our in-the-field detections, this security vulnerability has only been used in a very limited number of targeted attacks so far; however, they appear to be very high-profile attacks. The most likely attack vector used in the incidents seen thus far is targeted e-mails containing legitimate-looking attachments or links to Web sites sent to high-level employees. When the attachment is opened, an exploit for the vulnerability springs into action and the computer becomes infected.
Despite the fact that we’ve seen just limited attacks using this vulnerability, with exploit code public, there is no reason to think we won’t see more attack attempts. And you can be sure bad guys are working overtime to create reliable exploits for the other affected versions of Internet Explorer, namely 7 and 8.
This security hole is so dangerous because it allows for remote exploitation. This means attackers can run any malicious code of their liking on a victim’s machine by taking advantage of the vulnerability.
We strongly encourage users to patch their systems against this vulnerability. In addition, businesses are encouraged to consider implementing an automated patch management solution to help mitigate risk.
Dominic Cook





