Thursday, January 3, 2013

Meanwhile, in Windows land...

"Vulnerability in Internet Explorer Could Allow Remote Code Execution."

"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8."

Microsoft Security Advisory (2794220)

I noticed this story on KrebsonSecurity, which has more details of the nature of the targeted attack:
...this is another example of a “watering hole” attack, which involves the targeted compromise of legitimate websites thought to be of interest to or frequented by end users who belong to organizations that attackers wish to infiltrate.
Users of affected Windows software are advised to run along and get the fix. Off you go. Now.

Desktop Linux users can put the previous story in context.

Update: The fix has been bypassed. Windows users with a fully patched system are at risk.

No comments:

Post a Comment