Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: The Zero-Day Pendulum Swings - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
The Zero-Day Pendulum Swings

Thanks to some readers Ken and Paul, we've been supplied with some Zero-Day reading.   The best I can skim in short notice on these stories that developed yesterday is that Microsoft is looking into claims of an IE 8 vulnerability. [1]    IE 6,7,9,10 are claimed to be unaffected.

I suggest the pendulum analogy because one article cites a US Government website was hacked [2] by way of a 'watering hole' attack to exploit [3] with what is now believed to be 'zero-day' but was originally thought to be exploited by a slightly modifed version of a well known trojan named 'Poison-Ivy'.[4]

Too many links, too little time.  There is a lot of good reading out there right now, leaving much to review as this issue develops.   So please share your comments and knowledge on this issue with us and our community as it develops.

[1] http://technet.microsoft.com/en-us/security/advisory/2847140
[
2] http://labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/
[
3] http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/
[
4] http://www.invincea.com/2013/05/part-2-us-dept-labor-watering-hole-pushing-poison-ivy-via-ie8-zero-day/


-Kevin
--
ISC Handler on Duty

 

Kevin Shortt

81 Posts
ISC Handler
- http://www.securitytracker.com/id/1028514
CVE Reference: CVE-2013-1347
May 4 2013
.
Jack

160 Posts
Microsoft have pulled their advisory and removed all links to it. The only information available on this vulnerability are contained in the third-party articles.
Jack
3 Posts
The first link references a Microsoft advisory that is still/once again valid: http://technet.microsoft.com/en-us/security/advisory/2847140
z3ndrag0n

2 Posts

Sign Up for Free or Log In to start participating in the conversation!