A global cyber security monitoring organization has raised its threat level warning after receiving reports of increased attacks on unpatched vulnerabilities of Microsoft Corp.’s Internet Explorer (IE) browser.
“The Internet Storm Centre is beginning to see increasing evidence of exploits in the wild regarding Microsoft Security Advisory 2887505,” a post on the ISC Web site said. “Accordingly, we’re moving the InfoCon up to Yellow.”
Threat level Yellow is two levels below ISC’s Red, the organizations highest threat level. Red means loss of connectivity across a large part of the Internet. Yellow means the impact of the threat is either unknown or expected to be minor to the infrastructure. However, local impact could be significant, ISC said.
Advisory 2887505 from Microsoft last week warned of possible exploits against unpatched versions of IE8 and IE9. The company issued a fix, CVE-2013-3893 MSHTML Shim Workaround, to protect users against attacks.
Microsoft also said that the vulnerability affected all versions of the browser from IE 6 to the yet to be released IE11.
However, ISC said that the fix is an incomplete solution.
“Please note, the fix it seems on helps 32-bit versions of browsers,” according to ISC. “That said the vulnerability affects all versions of Internet Explorer except for instances of Windows Server 2008 and 2012 Core installations.”
“Emerging Threats does have Snort signatures available for this issue: http://www.emergingthreats.net/2013/09/19/daily-ruleset-update-summary-09192013/. Expect Rapid 7 to likely release Metasploit bits in the near term,” the organization said.
The ISC’s threat alert was raised after a report from FireEye Inc., a California-based network security company.
FireEye detailed what it called Operation DeputyDog: Zero-Day, a hacker campaign that started targeting Japanese organizations since August 19.
FireEye said the attackers “leveraged command and control infrastructure that is related to the infrastructure used in the attack on Bit9.
Bit9 Inc., makes a server-based whitelist platform for controlling access points. FireEye said the group that carried out the attack on the company in February this year, may be behind the attacks on Japanese firms.
FireEye said the Bit9 attackers penetrated the security company’s network and injected two variants of the HiKit rootkit. One of these HiKit samples connected to the command and control server. The attackers issued valid certificates for their malware and used those certificates to attack the networks of a number of Bit9 customers.
