Online attackers just never seem to stop exploiting vulnerabilities in Internet Exporter that has been a favorite for them to execute malicious code on unsuspecting and un-patched PCs., when visiting booby-trapped websites. In there own advisory Microsoft officials had confirmed the active attacks and encouraged its customers to apply a temporary fix as soon as possible.
"These attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents," Andrew Lyons, a Google security engineer, wrote in a blog post published Tuesday. "Users running Windows XP up to and including Windows 7 are known to be vulnerable."
In part if its monthly Patch Tuesday, Microsoft had issued 7 updates that patch 26 vulnerabilities in it software Lyons said that Google researchers alerted Microsoft to the attacks on the XML package two weeks ago and that "Microsoft has been responsive to the issue and has been working with us."
Researchers from antivirus provider McAfee , reported that "The exploit works across all major Windows platforms, including Windows Vista and Windows 7," McAfee researcher Yichong Lin wrote in an advisory. "It leverages return-oriented programming (ROP) exploitation technology to bypass... data execution [prevention] (DEP) and address space layout randomization (ASLR) protections, and hook-hopping evasion techniques to evade host-based IPS detections."
In a frequently asked question section of Tuesday's Microsoft Security Bulletin MS12-037, company officials said:
"Microsoft is aware of limited attacks attempting to exploit the vulnerability. However, when the security bulletin was released, Microsoft had not seen any examples of proof of concept code published." A corresponding exploitability index said only that exploit code was "likely." But according to Lin, he and his colleagues discovered the attack on June 1 and worked with Microsoft as it prepared Tuesday's fix.
Microsoft on Tuesday issued a temporary fix for a separate vulnerability that attackers are also exploiting to execute malicious code on end-user machines. According to Zero-Day blogger Ryan Naraine, attacks targeting that vulnerability, which resides in an XML component included in Windows, this had prompted recent warnings that Google issued to users who may be the victims of state-sponsored attacks.