New zero-day vulnerability attack on IE8–So upgrade to IE9 or 10!

By DrJBHL on May 4, 2013 8:26:39 AM from JoeUser Forums

The time has come to upgrade to IE9 or 10 for all Windows users. A zero day attack started on a specific group of government workers:

"The target of this attack appears to be employees of the Dept of Energy that likely work in nuclear weapons research," Invincea researchers wrote in a separate report published Wednesday.

cruising a Dep’t of Labor website which deals with illnesses observed in nuclear workers. This kind of attack using a targeted webpage to infect computers is called a “watering hole” attack as the website serves the targeted users, specifically.

Originally the vulnerability surfaced on IE8 Windows XP computers. The attack starts with a “redirect” browser hijack to intermediary sites which then exploit the zero day vulnerability using a variant of the “Poison Ivy” backdoor Trojan.

There are experts who are convinced that IE8 on Windows Vista and Windows 7 makes those systems vulnerable as well, but that is unconfirmed.

If you can’t move on from IE8, MS has issued these instructions:

  • Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
    This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
    This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

This attack was generated by “DeepPanda”, a group of hackers believed to be in China.

Source:

http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/
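An added example, not part of the original post or of Microsoft's advisory: a PowerShell audit of whether the zone workaround listed above is in place for the Internet and Local intranet zones. It assumes the standard IE zone registry layout (zone 1 = Local intranet, zone 3 = Internet; URL action 1400 = Active scripting, 1200 = Run ActiveX controls and plug-ins; `CurrentLevel` 0x12000 = the "High" template); the function name `Get-ZoneFinding` is made up for this example.

```powershell
# Added example: read-only audit of the IE zone settings named in the workaround.
# Action values: 0 = enabled, 1 = prompt, 3 = disabled.
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions = @{ '1400' = 'Active scripting'; '1200' = 'Run ActiveX controls and plug-ins' }

# Per-user settings first, then the Group Policy locations that can override them.
$hives = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ZoneFinding {
    param([string]$Hive, [int]$Zone)
    $key = Join-Path $Hive $Zone
    if (-not (Test-Path $key)) { return }        # location not used on this machine
    $props = Get-ItemProperty -Path $key
    foreach ($id in $actions.Keys) {
        $value = $props.$id                      # $null when the value is absent
        if     ($null -eq $value) { $state = 'not set here' }
        elseif ($value -eq 0)     { $state = 'ENABLED (workaround not applied)' }
        elseif ($value -eq 1)     { $state = 'prompt' }
        elseif ($value -eq 3)     { $state = 'disabled' }
        else                      { $state = "other ($value)" }
        New-Object PSObject -Property @{
            Zone         = $zones[$Zone]
            Setting      = $actions[$id]
            State        = $state
            HighTemplate = ($props.CurrentLevel -eq 0x12000)
            Key          = $key
        }
    }
}

$findings = foreach ($hive in $hives) {
    foreach ($zone in $zones.Keys) { Get-ZoneFinding -Hive $hive -Zone $zone }
}
$findings | Sort-Object Zone, Setting |
    Format-Table Zone, Setting, State, HighTemplate, Key -AutoSize
```

A row reading `ENABLED` under the per-user key with no policy row overriding it means that zone still runs script or ActiveX content without prompting.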

May 5, 2013 4:18:08 PM from WinCustomize Forums

The validity of this was confirmed by Microsoft today.

http://www.neowin.net/news/microsoft-confirms-exploit-in-internet-explorer-8

May 5, 2013 4:20:00 PM from WinCustomize Forums

May 5, 2013 4:26:34 PM from WinCustomize Forums

Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

All good and well in theory only.

Quite a bit of medical apps require IE8 (no higher) and setting intranet and trusted sites to LOW. Try to get a medical app vendor to update THEIR software. HA!! Not likely at all.

May 5, 2013 4:51:51 PM from WinCustomize Forums

Phoon, I absolutely agree. Perhaps the MS confirmation of the Poison Ivy variant's ability to enable remote code execution should worry them.

After all, HIPAA doesn't smile upon medical info being put in a vulnerable position. Maybe that fact might "alter" their mindset...especially in light of the fines involved.

Worse: Along with those records, personal info such as social security numbers might be leaked.

May 5, 2013 11:42:13 PM from Elemental Forums

Thanks for the heads-up Doc

May 6, 2013 1:29:39 AM from Elemental Forums

IE8? I read somewhere some UK gov site requires IE 6 and no higher... or some such

May 6, 2013 2:02:35 AM from Sins of a Solar Empire Forums

Updating to IE9 might be viable if it actually worked for XP; fortunately I quit using IE8 for Firefox a long time ago.
