By BARRACUDA (Reporter)

Gmail Accounts Targeted By ‘State-Sponsored Attackers’ Using Internet Explorer Zero-Day Vulnerability

Sunday, June 17, 2012 16:43

(Before It's News)

by Lisa Vaas on June 15, 2012

Filed Under: Featured, Malware, Privacy, Vulnerability

Both Google and Microsoft have put out alerts about an unpatched, zero-day hole in Internet Explorer that didn't get fixed on Patch Tuesday and is actively being exploited in the wild.

According to ZDNet, those attacks are apparently being launched by the "state-sponsored attackers" that Google warned Gmail users about last week.

Neither Google nor Microsoft referred to those state attackers in their respective security warnings. ZDNet attributed that particular detail to a source it said was "close to these investigations".

This source confirmed to ZDNet that the attacks motivated Google to warn Gmail users last week about the attackers.

As ZDNet pointed out, Gmail users have been reporting on Twitter that they've been hit by the Gmail warning.

Google security engineer Andrew Lyons wrote in the company's security blog that Google reported the vulnerability to Microsoft on May 30 and that the two companies have been working on the problem since.

He wrote on Tuesday:

Today Microsoft issued a Security Advisory describing a vulnerability in the Microsoft XML component. We discovered this vulnerability - which is leveraged via an uninitialized variable - being actively exploited in the wild for targeted attacks.

Lyons said that the attacks are spreading both from malicious web pages set up to snare Internet Explorer users and through Office documents.

Users running any flavor of supported Windows are vulnerable, from XP onwards up to and including Windows 7. All supported editions of Microsoft Office 2003 and Microsoft Office 2007 are also vulnerable.

The hole hasn't been stitched up yet, but Microsoft is suggesting a workaround that will help prevent it from being exploited.

Microsoft's security advisory recommends that IE and Office users immediately install a Fix it solution, downloadable with instructions from Microsoft Knowledge Base Article 2719615, until the company gets the final fix out.

The vulnerability crops up when Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 try to access an object in memory that hasn't been initialized, which can corrupt memory such that an attacker could execute arbitrary code on a hijacked machine.
