|Network Security Consulting SecurityFocus Article
MS Readies Patch, As Fraudsters Target IE Flaw
Microsoft announced that the company would release a patch on Thursday to fix a previously unknown flaw in Internet Explorer, after cybercriminals started using the security issue in more general attacks against Internet users.
The software giant issued an advisory on Wednesday, calling the attacks "limited" and preparing customers for the out-of-band update.
"The vulnerability exists as an invalid pointer reference within Internet Explorer," the company stated. "It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."
Over the weekend, more general attacks using the vulnerability were detected by security firm Websense, which found a single page hosting the attack. A day later, the firm discovered two more pages hosting similar attacks, according to its Security Labs blog.
We "identified two more malicious URLs that are used in live attacks," the company stated. "According to reports from our friends at Ahnlab, the second URL was spread through the Instant Messenger network Misslee Messenger, a popular IM client in South Korea."
Attacks have also reportedly focused on Chinese users, which account for much of the population of Internet Explorer 6 users.
The out-of-band update, called such as it falls outside of Microsoft's regularly scheduled Patch Tuesday, follows last week's announcement that Google and other major technology companies came under attack from servers based in China. While initial reports focused on a recently patched flaw in Adobe Acrobat and Reader as being the vector for the attacks, analysis of some of the malicious files confirmed that a zero-day flaw in Internet Explorer was used.
Security experts have recommended that users upgrade to the the latest version of Internet Explorer that has additional protection to make exploitation more difficult, especially on Windows Vista and Windows 7. More drastically, technical branches of the French and German government have recommended that users move to a non-Microsoft browser.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos