Users of Microsoft's last three Internet Explorer web browsers should be aware of a new security issue that is already being used by hackers to distribute a back door malware threat. The issue was first found by security researcher Eric Romang.
In a blog post this weekend, Romang states that this "zero day" exploit uses Flash Player that can bypass the ASLR (Address Space Layout Randomization) security in Windows:
http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/ The exploit then delivers the "Poison Ivy" malware on a PC. This new security hole, which was later confirmed by "Rapid7", affects IE7, IE8, and IE9 on Windows XP, Vista and 7:
https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploitCnet got a comment from Microsoft, which states:
"We're aware of targeted attacks potentially affecting some versions of Internet Explorer.... We have confirmed that Internet Explorer 10 is not affected by this issue. We recommend customers deploy Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 3.0, which provides effective protections without affecting the Web browsing experience. We will continue to investigate this issue and take further actions as appropriate."
Microsoft has been patching security holes in Internet Explorer 9 recently, including one that was plugged in the August "Patch Tuesday" batch. There's no word when Microsoft will release a patch for this latest IE problem.
(NW)