The Internet Explorer vulnerability saga continues to unfold. Microsoft late Thursday released more information about the unpatched XML flaw in IE, and confirmed that the vulnerability in fact affects all supported versions of IE, not just IE 7 as previously thought. Microsoft Malware Protection Center officials said the company has seen exploits against the vulnerability in the wild, including attacks against both home and enterprise users.
The exploit sites we’ve seen so far drop a wide variety of malware — most commonly password stealers like new variants of game password stealers like Win32/OnLineGames and Win32/Lolyda, keyloggers like Win32/Lmir, Trojan horse applications like Win32/Helpud along with some previously unseen malware which we generically detect as Win32/SystemHijack. We fully expect the variety of malware being dropped by this exploit to broaden as the exploit code starts to circulate around the Internet underground.
This issue could impact you even if you avoid surfing questionable sites. Over the past few months, we’ve seen a surge in SQL injection attacks which enable miscreants to inject content onto trusted sites (we even blogged about the technique a few months ago). This class of attack, along with other more classical forms of website intrusion, mean that even trusted sites can end up serving malicious content causing you to get infected.
Microsoft’s Security Response Center has added more information about the attacks and workarounds to its advisory, as well.
We’ve also added additional workarounds to the advisory and updated our guidance to recommend that you evaluate implementing two of the workarounds together for the most effective protection. Specifically, we’re recommending both setting the Internet zone security setting to High and using ACLs to disable Ole32db.dll. Our research so far has shown that these two steps together provide the most effective protections for this issue.