Online attackers just never seem to stop exploiting vulnerabilities in Internet Exporter that has been a favorite for them to execute malicious code on unsuspecting and un-patched PCs., when visiting booby-trapped websites. In there own advisory Microsoft officials had confirmed the active attacks and encouraged its customers to apply a temporary fix as soon as possible.
"These attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents," Andrew Lyons, a Google security engineer, wrote in a blog post published Tuesday. "Users running Windows XP up to and including Windows 7 are known to be vulnerable."
In part if its monthly Patch Tuesday, Microsoft had issued 7 updates that patch 26 vulnerabilities in it software Lyons said that Google researchers alerted Microsoft to the attacks on the XML package two weeks ago and that "Microsoft has been responsive to the issue and has been working with us."
Researchers from antivirus provider McAfee , reported that "The exploit works across all major Windows platforms, including Windows Vista and Windows 7," McAfee researcher Yichong Lin wrote in an advisory. "It leverages return-oriented programming (ROP) exploitation technology to bypass... data execution [prevention] (DEP) and address space layout randomization (ASLR) protections, and hook-hopping evasion techniques to evade host-based IPS detections."
In a frequently asked question section of Tuesday's Microsoft Security Bulletin MS12-037, company officials said:
"Microsoft is aware of limited attacks attempting to exploit the vulnerability. However, when the security bulletin was released, Microsoft had not seen any examples of proof of concept code published." A corresponding exploitability index said only that exploit code was "likely." But according to Lin, he and his colleagues discovered the attack on June 1 and worked with Microsoft as it prepared Tuesday's fix.
Microsoft on Tuesday issued a temporary fix for a separate vulnerability that attackers are also exploiting to execute malicious code on end-user machines. According to Zero-Day blogger Ryan Naraine, attacks targeting that vulnerability, which resides in an XML component included in Windows, this had prompted recent warnings that Google issued to users who may be the victims of state-sponsored attacks.
Source: Microsoft
Back in the 1980s, there was this TV show called “That’s Incredible” where they would showcase people with extraordinary abilities,… Read More
Scientists and doctors in the world seem to be constantly evaluating genetics and discovering new information. It was not that… Read More
The life of a genie cannot possibly be wonderful. It isn’t so much the fact that he or she has… Read More
While children in the United States had Superman to look up to back in the 60s, the children of Japan… Read More
While CPUs and video cards are often upgraded with regularity, components such as cases, storage, optical drives, displays, and power… Read More
Recently there have been some studies done on video gaming and memory. Studies being done on the effects of video… Read More
Noise has long been accepted as part of our daily routine, an unfortunate byproduct of a busy and productive life.… Read More
In January of 1986, someone thought it was an OK idea to put the Replacements on live TV. SNL, to… Read More
