The zero-day vulnerability in the popular Internet Explorer browser disclosed last week is reported to be linked to several targeted attacks, with malware being served up by systems belonging to multiple Japanese media outlets, prompting the SANS Internet Storm Center to raise the threat level advisory.
The water-hole style attacks are infecting the systems of victims with malware similar to the McRAT remote access malware, and reports indicate that the attacks have compromised networks belonging to the Japanese government and private industry.
“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,” Microsoft’s advisory stated.
The targeted attacks have been dubbed “Operation DeputyDog,” and it is unclear at this point whether or not the compromised sites distributing the malware have been remediated.
Microsoft is planning to release a patch for the vulnerability, but a timeline has not been announced. Meanwhile, the company recommends limiting the configured rights of users to only the level essential to help mitigate this threat.
Microsoft also recommends users “apply the Microsoft Fix it solution, “CVE-2013-3893 MSHTML Shim Workaround”, that prevents exploitation of this issue. See Microsoft Knowledge Base Article 2887505 to use the automated Microsoft Fix it solution to enable or disable this workaround.”