{"id":2063,"date":"2013-05-06T12:02:02","date_gmt":"2013-05-06T16:02:02","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=2063"},"modified":"2013-05-06T12:02:02","modified_gmt":"2013-05-06T16:02:02","slug":"microsoft-pledges-patch-for-zero-day-bug-in-internet-explorer-8","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/05\/06\/microsoft-pledges-patch-for-zero-day-bug-in-internet-explorer-8\/","title":{"rendered":"Microsoft pledges patch for zero-day bug in Internet Explorer 8"},"content":{"rendered":"<p>Microsoft has confirmed that a &#8220;zero-day,&#8221; or unpatched, vulnerability exists in Internet Explorer 8, the company&#8217;s most popular browser.<br \/>\nAccording to multiple security firms, the vulnerability has been used in active exploits, including &#8220;watering hole&#8221;-style attacks against the U.S. Department of Labor and U.S. Department of Energy, targeting workers at the latter agency involved in nuclear weapons research.<br \/>\nOn Friday, Microsoft published a security advisory that acknowledged the bug. In the advisory, the company also said that other versions of Internet Explorer, including the newer IE9 and IE10, are not affected, and that the firm is working on an update to patch the problem.<\/p>\n<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2037544\/microsoft-pledges-patch-for-zero-day-bug-in-internet-explorer-eight.html\"><img decoding=\"async\" alt=\"\" src=\"http:\/\/nccomputertech.files.wordpress.com\/2013\/05\/internet_explorer-100032219-orig.jpg\" \/><\/a><\/p>\n<p>No timetable for a fix was provided. The next scheduled security update from Microsoft will ship Tuesday, May 14.<br \/>\nThe watering hole attacks were first reported on Wednesday, when Fairfax, Va.-based Invincea and others said cyber criminals were exploiting an IE8 vulnerability Microsoft had patched in January. 
On Friday, however, Invincea retracted that, saying that the bug was an unknown vulnerability not yet patched by Microsoft.<br \/>\n&#8220;The exploit on the [Department of Labor] site appears to be exploiting a zero-day exploit affecting Internet Explorer 8 (IE8) only, [via a] use-after-free memory vulnerability that when exploited allows an attacker to remotely execute arbitrary code,&#8221; said Eddie Mitchell, a security engineer at Invincea, in a Friday blog post.<br \/>\nInvincea came to its conclusion after reproducing the attack on a Windows XP PC running a fully-patched copy of IE8, one that included the fix Microsoft issued nearly three months ago for CVE-2012-4792, the Common Vulnerabilities and Exposures database identifier for the flaw originally thought to be involved.<br \/>\nAlso on Friday, FireEye claimed much the same, saying that it had also verified that IE8 on Windows 7 is vulnerable.<br \/>\nIE8 is the most widely-used of Microsoft&#8217;s five supported browsers &#8212; IE6 through IE10 &#8212; accounting for an estimated 41 percent of all the Redmond, Wash. developer&#8217;s browsers that went online in April.<br \/>\nMicrosoft confirmed that all versions of IE8, including copies running on XP, Vista and Windows 7, are at risk.<br \/>\nWhen the news broke earlier in the week of the watering hole attacks &#8212; so named because attack code is placed on websites frequented by the targeted users &#8212; Invincea and other security companies said they were designed to infect government PCs with the Poison Ivy remote administration tool, or RAT.<br \/>\nPoison Ivy is a well-known piece of malware often used by information thieves to siphon confidential documents and other files from corporate and government networks.<br \/>\nSecurity companies pointed fingers at Chinese hackers, saying that the latest were similar to past attacks that had targeted the Council on Foreign Relations (CFR) and Chinese dissidents in 2012. 
The attacks designed to infect users who visited the CFR website late last year prompted Microsoft to issue an &#8220;out-of-band,&#8221; or emergency, IE update on Jan. 14.<br \/>\nInvincea was the most aggressive in its claims. After noting that the infected Department of Labor website listed &#8220;nuclear-related illnesses linked to Energy facilities and toxicity levels at each location that might have sickened employees developing atomic weapons,&#8221; it concluded that the real targets were Department of Energy employees or officials who worked in nuclear weapons programs for the agency.<br \/>\nA zero-day vulnerability in IE8 raised the stakes for all users of that browser, said Mitchell of Invincea, not only government workers who had been targeted. &#8220;With this exploit being out in the wild, the potential risk for damage is high,&#8221; he wrote in the Friday blog, and recommended that users switch to an alternate browser, such as Google&#8217;s Chrome or Mozilla&#8217;s Firefox, until Microsoft delivers a patch.<br \/>\nThe flaw could be used by other hackers to construct &#8220;drive-by&#8221; attacks, those triggered as soon as an unpatched browser visits a compromised website, to infect large numbers of PCs.<br \/>\nMeanwhile, Microsoft urged users of Vista and Windows 7 to upgrade from IE8 to IE9 and IE10, respectively. People running Windows XP &#8212; the apparent target of the watering hole attacks &#8212; have no such option, as neither IE9 nor IE10 runs on the 12-year-old operating system. The newest versions of Chrome and Firefox, however, do support Windows XP.<br \/>\nCustomers can also deploy the Enhanced Mitigation Experience Toolkit (EMET) to lock down IE8, making exploits more difficult for hackers. 
EMET 3.0 or the beta of EMET 4.0 can be downloaded from Microsoft&#8217;s website.<br \/>\nWhile it&#8217;s possible that Microsoft will craft a patch for the vulnerability in time to include it in the scheduled May 14 updates, it&#8217;s more likely the company will issue a fix outside of that schedule, as it did in January. Then, Microsoft took 16 days from issuing an advisory to patching IE. If it followed the same timetable with the newest flaw, it would ship a fix after this month&#8217;s Patch Tuesday.<\/p>\n<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2037544\/microsoft-pledges-patch-for-zero-day-bug-in-internet-explorer-eight.html\"><img decoding=\"async\" alt=\"\" src=\"http:\/\/nccomputertech.files.wordpress.com\/2013\/05\/hp_061206_patchapatch.jpg\" \/><\/a><\/p>\n<p>Microsoft credited researchers at FireEye and iSIGHT Partners, a Dallas, Texas security firm, with reporting the IE8 zero-day. iSIGHT Partners, like Invincea, supplies government agencies with security software.<br \/>\nvia <a href=\"http:\/\/www.pcworld.com\/article\/2037544\/microsoft-pledges-patch-for-zero-day-bug-in-internet-explorer-eight.html\" target=\"_blank\">Microsoft pledges patch for zero-day bug in Internet Explorer 8 | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has confirmed that a &#8220;zero-day,&#8221; or unpatched, vulnerability exists in Internet Explorer 8, the company&#8217;s most popular browser. 
According [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[5,7,11],"tags":[1178,1218,1272]}