New Poison Ivy attack on IE – critical patch released

September 23rd, 2012 by Stephen Jones

Late on Monday, Redmond urged users to download the Enhanced Mitigation Experience Toolkit if they are using IE versions 6 through 9. IE 10, which is set to debut with the new Windows 8 operating system, is not affected.

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability. A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated,” Microsoft said in its advisory.

“The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site.”

A French security Web site reveals that the exploit was discovered while analyzing a batch of files hosted on one of the servers the Nitro gang used to distribute attacks that exploited the Java vulnerability. HTML and Flash files were used to identify proper targets (Windows XP systems running IE 7 and 8) and to use a common technique called a ‘heap spray’ to lay the groundwork for a successful iFrame attack against those systems. The attack exploited the vulnerability and used it to install a malicious program, 111.exe. That malware has been identified as a new variant of the Poison Ivy Trojan horse program.

If Microsoft issues a snap fix, it means the threat is serious and you should patch immediately.

“Patch Tuesday was designed to introduce the least amount of disruptions, so to break that cycle it means Microsoft thinks this is a very real and serious threat where somebody can do damage. Microsoft is moving aggressively to halt the damage.”

When you have a complex product there’s always a chance that somebody is going to discover a hole. The process should be that you fix the hole before somebody exploits it. One of Microsoft’s strengths is to respond so quickly to the threat. Not only will there be a patch, Microsoft will also attempt to identify the attacker and get him locked up.

