Patched IE zero-day and older flaw exploited in ongoing targeted attacks
Posted on 10 October 2013.
With this month's Patch Tuesday, Microsoft has delivered the patch for the infamous Internet Explorer zero-day (CVE-2013-3893) that has been spotted in attacks dating back as far as three or four months, which have been tied to the Chinese hacking group that hit Bit9 earlier this year.

What has received a little less attention is that a patch for another IE zero-day actively exploited in the wild has been released simultaneously: CVE-2013-3897.

"The vulnerability is caused by a 'use-after-free' error when processing 'CDisplayPointer' objects within mshtml.dll and generically triggered by the 'onpropertychange' event handler; the vulnerability could be exploited remotely by attackers to compromise a system via a malicious web page," Elad Sharf, Senior Security Researcher at Websense, explained in a blog post.

The flaw is being exploited in a series of highly targeted, low-volume attacks in Korea, Hong Kong, and the US, aimed at companies in the finance, engineering and construction, manufacturing and government sectors.

The attack lure pages are located in a network range assigned to the Republic of Korea, and present a consistent URL structure (x.x.x.x/mii/guy2.html). It's also interesting to note that there are other pages - with the same structure - that serve an exploit for an older IE flaw (CVE-2012-4792), which was patched a while back.

And while the exploit for the CVE-2013-3897 bug is triggered only for visitors running IE 8 on 32-bit Windows XP with the language set to Japanese or Korean, the CVE-2012-4792 exploit doesn't make any distinctions and targets all visitors.
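For defenders reviewing web proxy logs, the URL structure and client profile described above can be turned into a triage pass. The following is an added example, not code from Websense or the original article; the tab-separated log layout, the sample lines, and the generalisation from `guy2.html` to any `.html` page under `/mii/` on an IP-literal host are assumptions.

```python
import re
from urllib.parse import urlsplit

# Lure structure from the article: http://x.x.x.x/mii/guy2.html
# Assumption: "same structure" means any .html page under /mii/ on an IPv4-literal host.
LURE_PATH = re.compile(r"^/mii/[^/]+\.html?$", re.I)
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")

def exposure(user_agent, accept_language):
    """Classify a client against the targeting described in the article."""
    # "Windows NT 5.1" is 32-bit Windows XP; "MSIE 8.0" is IE 8.
    ie8_xp = "MSIE 8.0" in user_agent and "Windows NT 5.1" in user_agent
    langs = [t.split(";")[0].strip().lower() for t in accept_language.split(",")]
    ja_ko = any(l.split("-")[0] in ("ja", "ko") for l in langs)
    if ie8_xp and ja_ko:
        return "matches CVE-2013-3897 target profile"
    if "MSIE" in user_agent:
        return "IE client, check CVE-2012-4792 patch status"
    return "non-IE client"

def hunt(lines):
    """Return (timestamp, client, url, exposure) for requests to lure-shaped URLs."""
    hits = []
    for line in lines:
        ts, client, url, ua, lang = line.rstrip("\n").split("\t")
        parts = urlsplit(url)
        if IPV4.match(parts.hostname or "") and LURE_PATH.match(parts.path):
            hits.append((ts, client, url, exposure(ua, lang)))
    return hits

# Constructed sample log lines (documentation IP ranges, not real indicators).
# Assumed fields: timestamp, client, URL, User-Agent, Accept-Language.
SAMPLE = [
    "2013-10-09T01:12:03Z\t10.0.0.21\thttp://203.0.113.7/mii/guy2.html\t"
    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)\tko-KR,ko;q=0.8",
    "2013-10-09T01:15:40Z\t10.0.0.34\thttp://203.0.113.7/mii/guy2.html\t"
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)\ten-US",
    "2013-10-09T02:01:11Z\t10.0.0.40\thttp://www.example.com/mii/guy2.html\t"
    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)\tja",
    "2013-10-09T02:30:59Z\t10.0.0.55\thttp://198.51.100.9/index.html\t"
    "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0\ten-US",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE):
        print(*hit, sep=" | ")
```

Every hit warrants review regardless of classification, since the article notes the older exploit is served to all visitors; the classification only orders the queue.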

"Cybercriminals continue to innovate; they find zero-day vulnerabilities and utilize them in low volume targeted attacks, and in parallel they also employ older well-known exploits," says Sharf. "This is indicative of them having conducted thorough reconnaissance in order to deliver payloads that they believe are likely to succeed."








