Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Share this article:
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office
Microsoft patches 18 Internet Explorer vulnerabilities, closes an actively exploited hole in Office

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

In total, the software giant expects to deliver 10 patches on Tuesday, although only two are rated "critical." Both of those address IE issues, and experts believe one of them will remediate a zero-day vulnerability affecting version 8 of the popular web browser.

Microsoft disclosed the vulnerability last weekend after reports emerged of a "watering hole" attack going after a section of the U.S. Department of Labor website, with the intended targets apparently being those who conduct nuclear weapons research.

No fewer than nine other sites also were clandestinely seeded with an exploit that takes advantage of the vulnerability. Each of the affected sites are related to energy-related organizations, and researchers believe the malware campaign has been ongoing since mid-March.

Two days ago, Microsoft announced that it has made a Fix-It available to address "known attacks that leverage the vulnerability to execute code," according to a blog post from Dustin Childs, a company spokesman. No restart is required. 

Aside from the critical fixes, Redmond is planning "important" patches for Windows, Office, Server and Tools and the .NET Framework.

Coinciding with the security update, Adobe on Tuesday plans to release fresh versions of its Reader and Acrobat software to address "critical" vulnerabilities, according to an advisory.


Share this article:

Sign up to our newsletters

More in News

Study shows how attackers make use of websites existing for less than 24 hours

Study shows how attackers make use of websites ...

Looking at the top 50 of parent domains that produced websites existing for less than 24 hours, researchers with Blue Coat Security Labs observed that 22 percent were malicious.

Phishing campaign lures victims with models' photos

Two nude models' photos reeled in unsuspecting victims who handed over their Facebook logins to gain access to adult material.

IBM projects 2014 bug disclosures may hit three-year low

IBM projects 2014 bug disclosures may hit three-year ...

The number of disclosed vulnerabilities is on track to fall below 8,000 this year, a first since 2011.