Zero Day Found in Flash for ie8 and below

[Nergal 0]

usually Hazelnut posts these (maybe she did and I missed it)

http://thenextweb.com/microsoft/2012/12/29/criminals-use-adobe-flash-and-new-ie-vulnerability-in-targeted-attacks-ie9-and-ie10-users-are-safe/

Criminals are using a new Internet Explorer security hole to attack Windows computers in targeted attacks, though the vulnerability could end up being more widely exploited. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are. It's great to see that the latest versions of IE are immune, but this new vulnerability is still bad news for Windows XP users and earlier since they cannot upgrade to more recent versions of Microsoft's browser.

[hazelnut 2]

At the moment this seems to be targeted at certain sites etc which the hackers want access to.

 

this is another example of a “watering hole” attack, which involves the targeted compromise of legitimate websites thought to be of interest to or frequented by end users who belong to organizations that attackers wish to infiltrate.

 

http://krebsonsecurity.com/2012/12/attackers-target-internet-explorer-zero-day-flaw/

 

Hopefully this will encourage websites and forums to keep their security patches up to date.

 

The nasty guys will always be out there.

[Nergal 0]

follow-up: One-Click Fix Available

 

http://news.cnet.com/8301-1009_3-57561426-83/microsoft-issues-fix-for-ie-flaw-that-could-allow-pc-hijack/

[DennisD 0]

Thanks chaps.

[Andavari 1]

Possible link to that Microsoft fix? Or is it on Microsoft Updates? That CNET link my browser refuses to open.

[DennisD 0]

Just used it ...

 

http://support.microsoft.com/kb/2794220

 

Very slick and quick.