|14 Mar 2011||#1|
| || |
MSFT Confirms'Targeted attacks' against old unpatched IE vulnerability
Microsoft confirms 'targeted attacks' against old, unpatched IE vulnerability
By Ryan Naraine | March 14, 2011, 10:58am PDT
Microsoft’s inability to fix a troublesome browser vulnerability that dates back to 2004 has come back to haunt users of its flagship Internet Explorer browser. The vulnerability, which affects all supported editions of Microsoft Windows, is currently being used to launch “politically motivated attacks” against human rights activists, most likely in China. Microsoft described these as “limited, targeted attacks” and Google says it is seeing attacks against users of a popular (unnamed) social site.
Here is a warning from Google’s security team:
We’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site. All these attacks abuse a publicly-disclosed MHTML vulnerability for which an exploit was publicly posted in January 2011. Users browsing with the Internet Explorer browser are affected.
For now, we recommend concerned users and corporations seriously consider deploying Microsoft’s temporary Fixit to block this attack until an official patch is available.
|My System Specs|
|Similar help and support threads for2: MSFT Confirms'Targeted attacks' against old unpatched IE vulnerability|
|Adobe confirms targeted attacks due to security hole in Reader||Security News|
|Java zero day vulnerability actively used in targeted attacks||Security News|
|Targeted attacks - going beyond the technicalities Over 30,000 people||Security News|
|Microsoft Confirms Attacks Targeting Critical ASP.NET Vulnerability||News|
|Unpatched Windows Vulnerability Actively Exploited in the Wild||News|
|Microsoft Confirms Attacks Targeting Critical 0-Day Office Excel Vulnerability||Microsoft Office|
|Unpatched Adobe flaw has been used in attacks since January||News|