Categories: SecurityWorkspace

Microsoft Pressured To Patch Zero Day As VUPEN Creates Serious Exploit

Microsoft is facing pressure to patch a zero-day threat that is being exploited in the wild, as vulnerability seller VUPEN has found a way to make the exploit work across all Windows platforms.

Attack code for the CVE-2012-1889 flaw, which affects Microsoft XML component found in Internet Explorer, was published earlier this month. The vulnerability could allow remote code execution if a user visits a specially-crafted webpage on Internet Explorer.

Security researchers have seen attempts to spread malware via an injection of malicious iframes on websites.

Sophos found a website of a European aeronautical parts supplier had been hacked and was serving up a malicious attack exploiting CVE-2012-1889. The drive-by attack vector was similar to another it had seen affecting a European medical company earlier this week, which was also taking advantage of the zero-day security hole.

Google has also been warning the flaw was linked to state-sponsored attacks.

VUPEN’s vicious vector

Today, VUPEN revealed it had downloaded the exploit code and made it into something much more serious. It said the in-the-wild exploits it had seen could only harm those running Windows XP, but its attack method could hit Windows 7 users too.

VUPEN’s chief executive Chaouki Bekrar told TechWeekEurope it could bypass additional security such as Protected Mode and address space layout randomization (ASLR), a technology that strengthens system security by increasing the diversity of attack targets. ASLR is a prophylactic measure rather than a cure, which randomises the memory layout of an executing program, decreasing the probability an exploit attempt will work.

“To demonstrate the criticality of the flaw, and raise the alarm over it to force Microsoft to release a patch we downloaded the in-the-wild exploit and we worked in our lab to transform it into a sophisticated code that works on all Windows including Windows 7,” Bekrar said.

“We hope that Microsoft will release an out-of-band patch as we know now that the flaw is more critical than thought…. they should react before the situation becomes worse.”

Bekrar admitted it was hard to transform the attack code as VUPEN researchers had to a find a new technique. This could indicate only well-funded and highly technical hackers could create something similar to VUPEN for malicious purposes.

VUPEN is planning to show how it transformed the exploit once Microsoft has introduced a patch.

There is currently no patch for CVE-2012-1889, but Microsoft has offered various workarounds, as well as a “Fix it” solution which Google advised users to initiate. IT teams can find Microsoft’s guidance on those fixes here.

At the time of publication, Microsoft had not responded to a request for comment on the situation.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

4 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

19 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

21 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

23 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

23 hours ago