Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Share this article:
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

In total, the software giant expects to deliver 10 patches on Tuesday, although only two are rated "critical." Both of those address IE issues, and experts believe one of them will remediate a zero-day vulnerability affecting version 8 of the popular web browser.

Microsoft disclosed the vulnerability last weekend after reports emerged of a "watering hole" attack going after a section of the U.S. Department of Labor website, with the intended targets apparently being those who conduct nuclear weapons research.

No fewer than nine other sites also were clandestinely seeded with an exploit that takes advantage of the vulnerability. Each of the affected sites are related to energy-related organizations, and researchers believe the malware campaign has been ongoing since mid-March.

Two days ago, Microsoft announced that it has made a Fix-It available to address "known attacks that leverage the vulnerability to execute code," according to a blog post from Dustin Childs, a company spokesman. No restart is required. 

Aside from the critical fixes, Redmond is planning "important" patches for Windows, Office, Server and Tools and the .NET Framework.

Coinciding with the security update, Adobe on Tuesday plans to release fresh versions of its Reader and Acrobat software to address "critical" vulnerabilities, according to an advisory.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

WikiLeaks makes FinFisher surveillance software available to public

Copies of controversial surveillance software, called "FinFisher," were made available for public scrutiny by WikiLeaks.

Researcher challenges reports that BlackPOS variant struck Home Depot

Nuix believes the malware found on Home Depot's systems belongs to a different threat family.

Documents reveal NSA plans to map every internet connected device in the ...

Documents provided by Edward Snowden reveal that the NSA is looking to build a near real-time map of every single internet-connected device in the world.