Google Aurora Attackers Behind Internet Explorer Zero-Day Attacks


Researchers first detected the latest round of attacks coming from the Council on Foreign Relations website. Since then, several other sites have been found to be infected with the watering-hole-style attack, including the Capstone Turbine Corporation, a maker of power generation systems.

The remote code execution vulnerability affects Internet Explorer 6, 7 and 8. The attackers use the attack technique to bypass security restrictions designed to prevent malicious code from executing in memory.

Microsoft responded on Jan. 2, issuing an automated, temporary patch while it works on a permanent fix to the coding error. The company indicated on Thursday that it did not have plans to patch Internet Explorer next Tuesday during its regularly scheduled patching cycle.

Despite no indication of a patch next week, patching administrators should not rule out an emergency security update fixing the issue, said Graham Cluley, a senior technology consultant at U.K.-based Sophos.

"Considering the lack of time Microsoft has had to work on and test a fix, the availability of workarounds, and the relatively low level of activity, it wouldn't be a surprise if they didn't manage to include it," Cluley said. "We would, however, not be surprised if Microsoft issued an out-of-band fix before the regular February rollout of patches."

PUBLISHED JAN. 4, 2013