Attackers Targeting the Other IE Zero-Day Vulnerability Covered on Microsoft Patch Tuesday
Mar 12, 2014 07:16 AM
A L Johnson
On Tuesday, Microsoft released its security updates for Microsoft Patch Tuesday, which included the much-needed update to address a zero-day vulnerability affecting Internet Explorer 9 and 10. The exploit for the Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability (CVE-2014-0322) was originally used in targeted attacks, but it caught on among average cybercriminals. As a result, the exploit currently affects Internet users in general.
In this month’s Patch Tuesday, Microsoft covered another Internet Explorer zero-day vulnerability, which is being exploited in the wild. This flaw is known as the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0324). According to our investigation, the exploit for CVE-2014-0324 takes advantage of Internet Explorer 8. Symantec confirmed the exploit in the middle of February, which we believe was used in a watering hole campaign in order to carry out limited targeted attacks.
The exploit code was implemented in a specially crafted Web page that takes advantage of the vulnerability. If the vulnerability is exploited, a payload is then downloaded from a specific URL on a compromised website. We were, however, unable to acquire the downloaded file at the time of analysis, so we cannot elaborate on the details of the payload. In our testing environment, the exploit triggers Data Execution Prevention (DEP), which is a security feature that attempts to prevent the execution of code from pages of memory that are not allowed to run. This means that if DEP is enabled, it will stop the exploit from taking advantage of the flaw.
The confirmed exploit appears to be similar to the exploit used against the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3897) in attacks last fall, though there are some minor differences between the two.
Symantec customers are protected against attacks exploiting this vulnerability. Our products block the exploit with the following signatures.
AV
Bloodhound.Exploit.541
IPS
Web Attack: Internet Explorer CVE-2014-0324
Web Attack: Internet Explorer CVE-2014-0324 2
Web Attack: Generic Memory Heap Spray 4
Symantec has continued to monitor the threat landscape for further exploits of CVE-2014-0324, but we have only spotted one other possible attack in the same month. We believe that the exploit is only being used to target specific organizations or individuals. For those who may be affected by the exploit, we urge you to apply the patch immediately. We also encourage everyone to always keep their security products up to date.