Microsoft To Patch IE Exploit Today

Microsoft is set to patch a security vulnerability (CVE-2013-3918) in Internet Explorer that can allow execution of arbitrary code. The exploit was discovered in the wild by FireEye Labs and made public on November 8. One can imagine that proof of concept code will soon be available when either FireEye amends its public documentation on the vulnerability (after patch release, as per professional courtesy) or when someone reverse engineers the patch due to arrive via Windows Update some time today. In an updated blog post FireEye notes that the payload dropped by the exploit found in the wild was a variant of Hydraq (aka McRAT). The post goes on to elaborate on the command and control servers utilized and is well worth a read.

It appears that this appears to be a well resourced attack with a well defined intended target. No doubt we will receive more information as the situation develops.

UPDATE: The update has been rolled out as MS13-090. ZDNet notes that the update is simply described as an update for Windows. I notice that Microsoft has yet to provide a full advisory to MITRE with the page for their CVE being just a placeholder pending full disclosure.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s