From: InfoSec News (alertsinfosecnews.org)
Date: Mon May 06 2013 - 01:41:36 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/

By Dan Goodin
Ars Technica
May 3 2013

Attackers exploited a previously unknown and currently unpatched
security bug in Microsoft's Internet Explorer browser to surreptitiously
install malware on the computers of federal government workers involved
in nuclear weapons research, researchers said Friday.

The attack code appears to have exploited a zero-day vulnerability in IE
version 8 when running on Windows XP, researchers from security firm
Invincea said in a blog post. The researchers have received reports that
IE running on Windows 7 is susceptible to the same exploit but have not
been able to independently confirm that. Versions 6 and 7 of the
Microsoft browser don't appear to be vulnerable.

Update: In an advisory published a couple hours after this article went
live, Microsoft confirmed a code-execution vulnerability in IE8.
Versions 6, 7, 9, and 10 of the browser are immune to the exploit.
People using IE8 should upgrade to versions 9 or 10, if at all possible.
Those who are unable to move away from version 8 should take the
following mitigations:

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]