Microsoft Patch Tuesday addresses exploited IE zero-day
Microsoft says IE issue believed to have been exploited by Chinese hackers will be addressed this Patch Tuesday.
Microsoft will fix an Internet Explorer vulnerability that has been used in exploits allegedly carried out by Chinese hackers, but Patch Tuesday will not cover a Windows zero-day that has also been used in various attacks.
Over the weekend, FireEye researchers said a US website of strategic importance to the attackers' targets had been hacked to serve up an Internet Explorer zero-day.
The attackers were associated with those responsible for breaches of Google and others in the Operation Aurora attacks of 2009, and the compromise of security outfit Bit9. FireEye believes they are based in China.
We are actively looking into this issue and will take appropriate action to help protect customers.
But the flaw is set to be closed off by Microsoft in today's Patch Tuesday, the software giant confirmed to IT Pro.
A blog post from Dustin Childs, group manager at Microsoft's Trustworthy Computing Group, also confirmed the issue would be resolved, without referring specifically to the FireEye findings.
"Late last Friday a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publicly disclosed," Childs said.
"We have confirmed that this vulnerability is an issue already scheduled to be addressed in Bulletin 3, which will be released as MS13-090."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The Patch Tuesday fixes are set to be released at 6pm GMT today. Those who cannot wait till then have been advised to block ActiveX Controls and Active Scripting. They could also deploy Microsoft's Enhanced Mitigation Experience Toolkit (EMET), which should not negatively affect use of the browser.
"We are actively looking into this issue and will take appropriate action to help protect customers," a Microsoft spokesperson added.
However, Microsoft will not fix a vulnerability affecting Windows' rendering of TIFF images. Attacks exploiting that flaw have hit various Pakistani organisations, via a malformed graphics image embedded in a Microsoft Word document.
Those hits were linked to Operation Hangover, a campaign that had previously hit Pakistani government bodies. FireEye also saw another operator, the Arx group, using the flaw to hit Indian and Pakistani bodies with the Citadel Trojan, a variant of banking malware Zeus.
-
Application security risk: How leaders can protect their businessesApplication security risk is higher than ever, as new services and expanding attack surfaces put pressure on cyber leaders
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker groupNews An analysis of May's SQL database dump shows how much LockBit was really making
