
Microsoft Struggles To Fix Besieged Internet Explorer

Websites have been spotted exploiting an unpatched vulnerability in Internet Explorer (IE), which has been used in attacks by the same highly sophisticated group that hit Google in the famous Aurora attacks of 2009/10.

The zero-day vulnerability caused panic at the start of this month, leading Microsoft to rush out a ‘Fix It’ solution while it worked on issuing a proper patch. Unfortunately, at the end of last week, researchers from vulnerability expert Exodus Intelligence said they had easily broken the workaround for Internet Explorer.

Internet exploited

Researchers found the vulnerability was being used in watering hole attacks, where hackers infect websites commonly frequented by their intended victims to serve up spying malware via their Internet Explorer browsers. Only versions 6 to 8 of IE are said to be affected.

This was flagged up by Jaime Blasco, head of labs at AlienVault, and his team two weeks ago when they found a watering hole campaign targeting the Council on Foreign Relations (CFR) portal in the US. They promptly sent the information to Microsoft Security Response Centre (MSRC), which issued a Security Advisory warning users of Internet Explorer 6, 7 and 8 that they could be vulnerable to remote execution hacks. The “fix” that Exodus attacked was issued later.

Malware researchers at Sophos have now discovered more sites serving up exploits that take advantage of the remote code execution flaw. One was a website for the Uyghur people of East Turkestan, who are campaigning for independence from China. The other belonged to an Iranian oil company based in Tehran, but Sophos would not give a name because the site was still carrying the infection.

UPDATE: Dustin Childs, group manager for Microsoft Trustworthy Computing, sent the following statement to TechWeekEurope: “We’ve reviewed the information from Exodus and are working on an update, which we will make available to all customers on IE6-8 as soon as it is ready for distribution. In the meantime, the current Fix It, mitigations and workarounds available in Security Advisory 2794220 fully protect against all known active attacks. We also continue to encourage customers to upgrade their browsers to IE9-10, which are not affected by this issue.”

This article appeared on TechWeekEurope.

Eric Doyle

Eric is a veteran British tech journalist with expertise in security, the channel, and Britain's startup culture
