Cybercrime | News

Microsoft releases fix for IE Zero-Day

Posted: September 18, 2013 by Joshua Cannell

Microsoft disclosed information on a new Internet Explorer zero-day vulnerability yesterday in a security advisory.

internet-explorer

Dubbed CVE-2013-3893, the vulnerability exists in SetMouseCapture within mshtml.dll, part of Internet Explorer 6 through 11.

Fortunately, Microsoft released a “Fix it” workaround that will patch mshtml.dll and remove the vulnerability. Internet Explorer users should apply the Fix It immediately.

While Microsoft stated this vulnerability has only been seen in “extremely limited, targeted attacks,” it’s likely we’ll see more of it in the coming days, and perhaps integrated into exploit kits.

Emerging Threats, a leading provider in Intrusion Detection System (IDS) rules, updated their free ruleset yesterday with three rules detecting this vulnerability.

Web browsers are frequently attacked by exploits, which in turn usually lead to malware infections. For this reason, it’s very important that users consider security when choosing a web browser.

However, even the most secure web browser isn’t perfect, so it’s always nice to have additional protection.

Malwarebytes Anti-Exploit is designed to safeguard users from exploits targeting various applications, including those targeting Internet Explorer.

We’re pleased to report that Malwarebytes Anti-Exploit users were already protected from this vulnerability prior to its public release, as the vulnerability uses a special technique to execute malicious code that’s already blocked by Malwarebytes Anti-Exploit.

anti-exploit

If you’re interested in trying out Malwarebytes Anti-Exploit BETA, you can download it for free by clicking here.

_______________________________________________________________________________

Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and in-depth analysis on current malware threats. He has over 5 years of experience working with US defense intelligence agencies where he analyzed malware and developed defense strategies through reverse engineering techniques. His articles on the Unpacked blog feature the latest news in malware as well as full-length technical analysis.  Follow him on Twitter @joshcannell

RELATED ARTICLES

Fishing in a lake
Cybercrime

Law enforcement reels in phishing-as-a-service whopper

April 18, 2024 - A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.

CONTINUE READING 0 Comments
Cerebral logo
News | Privacy

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

April 18, 2024 - The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

CONTINUE READING 0 Comments
JuicyFields investment scam
News | Scams

Cannabis investment scam JuicyFields ends in 9 arrests

April 18, 2024 - JuicyFields was an investment scam that urged victims to invest in cannabis production.

CONTINUE READING 0 Comments
A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Joshua Cannell

Joshua Cannell

Malware Intelligence Analyst

Gathers threat intelligence and reverse engineers malware like a boss.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams