Attacks Continuing Against IE Flaw as Microsoft Preps Patch

Microsoft officials said on Sunday that they are continuing to investigate the attacks that are exploiting the unpatched flaw in Internet Explorer, but that the attacks right now are limited to specifically targeted activity against enterprise networks.

The company said that it doesn’t look like any of the attacks are being targeted at consumers, and that they are only effective against machines running IE 6, which doesn’t include many of the advanced memory protections that are part of IE7 and IE8. Microsoft is recommending that customers running older versions of Windows XP and IE6 upgrade in order to take advantage of those memory protections.

That said, we remain vigilant about this threat evolving and want to be sure our customers take appropriate action to protect themselves. That is why we continue to recommend that customers using IE6 or IE7 upgrade to IE8 as soon as possible to benefit from the improved security protections it offers. Customers who are using Windows XP SP2 should be sure to upgrade to both IE8 and enable Data Execution Protection (DEP), or upgrade to Windows XP SP3 which enables DEP by default, as soon as possible. Additionally, customers should consider implementing the workarounds and mitigations provided in the Security Advisory.

Microsoft’s next scheduled patch release isn’t until mid-February, but given that there is public exploit code available and that the vulnerability has been used in known attacks, the company could release an emergency out-of-band patch before then.

Discussion

  • Anonymous on

    I have apparently been attacked by this malware. It takes over my face page and sends it elsewhere to "lutz" or "On line shopping". I think it came in an email that said "ey You" from China. The email said they were sorry, but they needed us to buy more stuff. I did NOT press the link, but it apparently infected my machine anyway, as it disabled McAfee shortly after that, and I cannot re-install that program or any other (I have tried Kaspersky - won't run). It disabled my CD writer so that I could not write files to save to it. I bought Seagate Free Agent - it disabled that too, so that I can't back up my files. My computer also wouldn't open, but after a big tech bill, I can work on it. Please tell me how to get rid of this malware.

  • Anonymous on

    Disable system restore, reboot in safe mode, download and install the latest Malwarebytes.

    www.malwarebytes.org
