Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Share this article:
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

In total, the software giant expects to deliver 10 patches on Tuesday, although only two are rated "critical." Both of those address IE issues, and experts believe one of them will remediate a zero-day vulnerability affecting version 8 of the popular web browser.

Microsoft disclosed the vulnerability last weekend after reports emerged of a "watering hole" attack going after a section of the U.S. Department of Labor website, with the intended targets apparently being those who conduct nuclear weapons research.

No fewer than nine other sites also were clandestinely seeded with an exploit that takes advantage of the vulnerability. Each of the affected sites are related to energy-related organizations, and researchers believe the malware campaign has been ongoing since mid-March.

Two days ago, Microsoft announced that it has made a Fix-It available to address "known attacks that leverage the vulnerability to execute code," according to a blog post from Dustin Childs, a company spokesman. No restart is required. 

Aside from the critical fixes, Redmond is planning "important" patches for Windows, Office, Server and Tools and the .NET Framework.

Coinciding with the security update, Adobe on Tuesday plans to release fresh versions of its Reader and Acrobat software to address "critical" vulnerabilities, according to an advisory.


Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.