Microsoft releases temporary fix for IE zero-day vulnerability targeted by Operation SnowMan hackers

Microsoft releases temporary fix for IE zero-day vulnerability targeted by Opera

On Wednesday, software giant Microsoft released a temporary solution - 'Fix It' - for preventing exploitation of a new zero-day vulnerability in Internet Explorer (IE). The temporary fix from Microsoft comes almost one week after reports revealed that the vulnerability was being leveraged by hackers in "limited targeted attacks."

Last week, security firm FireEye had found that hackers had launched 'Operation SnowMan' campaign in an attempt to infiltrate US military veterans' website VFW. org. Operation SnowMan hackers were apparently able to break into the computer systems of the attack victims by leveraging vulnerabilities in Microsoft services.

In its Wednesday security advisory accompanying the 'Fix It' temporary solution to patch the IE vulnerability, Microsoft admitted that it was aware of Operation SnowMan hackers' "limited, targeted attacks" which attempted to exploit the CVE-2014-0322 vulnerability. The company also added that the vulnerability affects the IE 9 and IE10 versions, but not IE 11.

Noting that "the vulnerability is a remote code execution vulnerability," Microsoft said in its security advisory: "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

Meanwhile, the temporary fix for the vulnerability is now available for download on the Microsoft support page. The fix works by instructing affected Microsoft services to enter a 'restricted' mode which blocks the hackers' movements.

General: 
Companies: