Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Security Advisory : Zscaler Provides Protection for Critical Microsoft Internet Explorer 0day Vulnerability Used in Targeted Attacks

November 2010 by Zscaler

Microsoft today informed Zscaler Labs, via the MAPPs program, of a critical 0day vulnerability in Internet Explorer that is being used in targeted attacks to install a backdoor on vulnerable systems. The attacks are initiated via an email campaign which social engineers victims into visiting an otherwise legitimate website, which has been infected with the 0day exploit. The exploit was designed for Internet Explorer 6 and 7 (although IE 8 is also vulnerable) and the attack therefore first probes incoming requests to identify the browser type and only delivers the exploit to older versions of IE. Once infected, the victim machine then connects to a second server in Poland and downloads additional instructions, delivered in the form of encrypted .gif files. Although the websites used for both the initial infection and subsequent downloads have now been taken down, we fully expect other attack sites to emerge, especially now that this issue has been made public.

While Microsoft has issued a security advisory for this vulnerability and recommended workarounds, a patch is not presently available, and it is not known when one will be issued. In the meantime, Zscaler has deployed protections for this vulnerability, ensuring that Zscaler customers licensed for the Advanced Threat Protection service are shielded from attack without the need to take further action. We will continue to monitor the issue and provide additional protections as warranted. A preliminary analysis of Zscaler logs has not revealed any attacks on Zscaler customers to this point.

2458511 – Microsoft Security Advisory: Vulnerability in Internet Explorer Could Allow Remote Code Execution
CVE: CVE-2010-3962
Severity: Critical
Affected Software
 Internet Explorer 6
 Internet Explorer 7
 Internet Explorer 8


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts