Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Share this article:
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

In total, the software giant expects to deliver 10 patches on Tuesday, although only two are rated "critical." Both of those address IE issues, and experts believe one of them will remediate a zero-day vulnerability affecting version 8 of the popular web browser.

Microsoft disclosed the vulnerability last weekend after reports emerged of a "watering hole" attack going after a section of the U.S. Department of Labor website, with the intended targets apparently being those who conduct nuclear weapons research.

No fewer than nine other sites also were clandestinely seeded with an exploit that takes advantage of the vulnerability. Each of the affected sites are related to energy-related organizations, and researchers believe the malware campaign has been ongoing since mid-March.

Two days ago, Microsoft announced that it has made a Fix-It available to address "known attacks that leverage the vulnerability to execute code," according to a blog post from Dustin Childs, a company spokesman. No restart is required. 

Aside from the critical fixes, Redmond is planning "important" patches for Windows, Office, Server and Tools and the .NET Framework.

Coinciding with the security update, Adobe on Tuesday plans to release fresh versions of its Reader and Acrobat software to address "critical" vulnerabilities, according to an advisory.


Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.