Microsoft’s Patch Tuesday releases will include a fix for a long-standing Internet Explorer zero-day vulnerability that has been actively exploited in a series of watering-hole attacks since early this year.
The malicious code used in the drive-by attacks is believed to have been for sale on the black market and used by more than one criminal group to compromise the websites of the US Veterans of Foreign Wars, a popular Japanese transportation website, a Taiwanese English school, Hong Kong University’s Chemistry Department, and a bogus French aerospace association website.
“It’s a brand new zero-day that targets IE 10 users visiting the compromised website – a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download an XOR-encoded payload from a remote server, decode and execute it,” researchers explained at the onset of the attacks.
“We believe the attack is a strategic Web compromise targeting American military personnel amid a paralyzing snowstorm at the U.S. Capitol in the days leading up to the Presidents Day holiday weekend. Based on infrastructure overlaps and tradecraft similarities, we believe the actors behind this campaign are associated with two previously identified campaigns (Operation DeputyDog and Operation Ephemeral Hydra),” the researchers added in subsequent analysis.
In October, Microsoft offered two patches for Internet Explorer zero-day vulnerabilities. The first had been key to multiple targeted attacks in the wild, including the watering-hole-style attacks mentioned above and last year’s compromise of security vendor Bit9; the second had been exploited in more generic attacks for about one month last fall.
In December, Microsoft issued a patch for a TIFF zero-day flaw in its GDI+ graphics component that had been actively exploited since early November in targeted attacks using tainted Word documents sent to victims via email.