Microsoft issues quick fix for IE zero-day vulnerability

Microsoft has responded to public reports of a zero-day vulnerability in Internet Explorer (IE) 6, 7 and 8, suggesting temporary measures to help users to mitigate the issue. The company said that the quick fix is not intended to be a replacement for any security update and recommended that latest security updates should be installed as soon as possible.

The security flaw (CVE-2012-4792) was initially discovered by security tools firm FireEye on the Council on Foreign Relations website on 27 December. The attack had been running for at least a week, and perhaps longer, before it was detected. Retrospective analysis by Sophos suggests the same exploit was used on at least five additional websites, suggesting attacks based on the bug are far from limited.

The vulnerability can be exploited by manipulating a website in order to attack vulnerable browsers, one of the most dangerous types of attacks known as a drive-by download. Victims merely need to visit the tampered site in order for their computer to become infected. To be successful, the hacker would have to lure the person to the harmful website, which is usually done by sending a malicious link via email.

The attack delivers a piece of malware nicknamed Bifrose, a malware family first detected around 2004. Bifrose is a "backdoor" that allows an attacker to steal files from a computer. Symantec wrote that the attacks using the IE vulnerability appear to be limited and concentrated in North America, indicating a targeted attack campaign.

Read more -here-

• US moves to force ByteDance to sell TikTok
• Ray-Ban Meta smart glasses can now play Apple Music
• Apple's AI will work without an Internet connection
• Tesla recalls new Cybertrucks over accelerator hazard
• Comcast rolls out 'Now' prepaid phone and internet plans
• Logitech adds ChatGPT button to hardware