Entries with tag zero-day vulnerabilities.

Microsoft Issues a Fix for Windows Zero-Day Vulnerability

Microsoft released a fix for a critical zero-day vulnerability in Internet Explorer 8 for all Windows versions being actively exploited. Some hackers took advantage of the flaw to launch watering-hole attacks on US government employees. The vulnerability is reportedly related to how the browser processes page layout information. In these attacks, hackers use website flaws to implant malware, which infects subsequent visitors. The Microsoft patch is a temporary solution until the company develops a security update that more thoroughly addresses the problem. (ZDNet)(Dark Reading)(Computing Now NewsFeed – 2013 May 6)(Microsoft Security Advisory)
 

Microsoft Zero-Day Vulnerability Targets US Nuclear Researchers

Microsoft has confirmed that a zero-day vulnerability exists in all versions of Internet Explorer 8, the company’s most popular browser. Security researchers say hackers have used the vulnerability in attacks against US Department of Energy nuclear-weapons scientists as well as US Department of Labor employees. The DoE’s Site Exposure Matrices website, used for information related to illnesses in employees who work in developing or disarming nuclear weapons, was specifically targeted in a watering-hole attack. In these attacks, hackers use website flaws to implant malware, which infects subsequent visitors. One security expert says these types of attacks will be successful unless users begin utilizing advanced browser protection software, such as virtual containers. Similar recent attacks have affected the Council on Foreign Relations think tank, NBC, and Capstone Turbine, a renewable energy firm, according to NextGov, a news and analysis website for US federal IT managers. Microsoft indicated it will issue a fix for its browser vulnerability but has not said when. The company’s next regularly scheduled security update will be on 14 May. (Computerworld)(ZDNet)(NextGov)

Showing 2 results.