Microsoft Releases Temporary Fix for Internet Explorer Bug
Microsoft released a temporary fix for the Internet explorer bug that hackers exploited to break the website of the US Department of Labor last week. Attackers can exploit the hole by convincing users to visit compromised websites after clicking a link in an e-mail or Instant Messenger message.
The vulnerability allowed remote code execution on Internet Explorer 8 version and spread to other websites as well, including that of an aerospace company. Affected by the vulnerability were also several security, defense and non-profit organizations, according to The Hacker News.
“CVE-2013-1347 MSHTML Shim Workaround” was offered as a solution to prevent dangerous scenarios but doesn’t replace regular security updates.
“Microsoft is aware of attacks that attempt to exploit this vulnerability,” Microsoft representatives said on the Security TechCenter. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
Microsoft also said the vulnerability doesn’t affect other versions of Internet Explorer. The company is investigating the issue and monitoring the threat landscape to take action against malicious sites that attempt to exploit the bug.
Last week, the US Department of Labor website was hacked and used to disseminate malware that collected data from users and sent it to a remote command-and-control server.