“We also found a fake domain of a company that builds turbines and power sources used in several applications including utilities and power plants,” Blasco said. “We were able to check that the official website of the company has been compromised as well and it is serving the Internet Explorer zero-day to the visitors. They’ve included an iframe to the exploit in the entry page.”
Blasco and his team also found that the exploit code has evolved: it now infects not only Windows XP but also 32-bit Windows 7 when Java 6 is installed. The Java 6 runtime ships a library that is not randomized by ASLR, which gives the exploit a reliable address base on Windows 7, where the operating system's own libraries are randomized.
Microsoft is working on a patch for the issue and said it will issue an interim Fix it for the exploit within days. “We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday,” the company said in its security blog.
Microsoft has not commented on the defense industry targets, and the company downplayed the impact of the vulnerability in the posting. “We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue,” Yunsun Wee, director of Microsoft’s Trustworthy Computing Group said in the advisory. “We are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog and on Twitter at @MSFTSecResponse.”
The IE zero-day was likely created by the same authors behind the Java zero-day that wreaked so much havoc so quickly just two weeks ago, and it delivers the same Poison Ivy remote-access trojan as the Java exploit.
Redmond’s Fix it is a one-click solution for any Internet Explorer user and will not affect users' ability to browse the web, the company said. “It will provide full protection against this issue until an update is available.”
While it works on a patch, Microsoft’s security advisory recommends that customers also deploy the Enhanced Mitigation Experience Toolkit (EMET), which adds exploit mitigations to the browser process that stop the zero-day from working. It also advises setting the Internet and Local intranet security zones in Internet Explorer to “High”, which blocks ActiveX controls and Active Scripting from running, or configuring those zones to prompt before executing them. Microsoft noted that this may break web applications that depend on ActiveX or scripting, but it limits exposure until the update ships.
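The zone hardening above can be applied and verified from PowerShell rather than through the Internet Options dialog. The script below is an added example, not code from the article or from Microsoft's advisory. It assumes the per-user zone settings under HKCU are in effect (a domain policy under HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings overrides them), and it uses the zone and action encodings Microsoft documents for Internet Explorer security zones: zone 1 is Local intranet, zone 3 is Internet, value 1200 is "Run ActiveX controls and plug-ins", value 1400 is "Active scripting", and 0 / 1 / 3 mean Enable / Prompt / Disable. The function names are the example's own.

```powershell
# Added example (not from the article or Microsoft). Assumes per-user zone
# settings under HKCU apply; HKLM\Software\Policies\... would override them.
# Written for PowerShell 2.0 (the version shipped with Windows 7) or later.

$ZoneBase = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions  = @{ 1200 = 'Run ActiveX controls and plug-ins'; 1400 = 'Active scripting' }
$Encoding = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IEZoneState {
    # One row per (zone, action) with the registry DWORD decoded to its meaning.
    foreach ($z in @(1, 3)) {
        $key = Join-Path $ZoneBase "$z"
        foreach ($a in @(1200, 1400)) {
            $name = "$a"
            $raw  = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            $setting = if ($null -eq $raw) { 'Not set (zone default)' }
                       elseif ($Encoding.ContainsKey([int]$raw)) { $Encoding[[int]$raw] }
                       else { "Unknown ($raw)" }
            New-Object PSObject -Property @{
                Zone    = $Zones[$z]
                Action  = $Actions[$a]
                Value   = $raw
                Setting = $setting
            }
        }
    }
}

function Set-IEZoneHardening {
    # 'Disable' is what the "High" zone template does for these two actions
    # (ActiveX and Active Scripting blocked); 'Prompt' is the less disruptive
    # alternative the advisory also mentions. Both are written explicitly so the
    # result does not depend on IE re-applying a template from CurrentLevel.
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Disable', 'Prompt')]
        [string]$Mode
    )
    $value = if ($Mode -eq 'Disable') { 3 } else { 1 }
    foreach ($z in @(1, 3)) {
        $key = Join-Path $ZoneBase "$z"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($a in @(1200, 1400)) {
            Set-ItemProperty -Path $key -Name "$a" -Value $value -Type DWord
        }
    }
}

function Test-IEZoneHardened {
    # True only when every tracked action in both zones is Prompt or Disable;
    # an unset value means the zone default applies (Enable for Internet), so it
    # is treated as weak rather than assumed safe.
    $weak = @(Get-IEZoneState | Where-Object { @('Prompt', 'Disable') -notcontains $_.Setting })
    return ($weak.Count -eq 0)
}

# Usage (run as the user whose browser is being hardened):
Get-IEZoneState | Format-Table Zone, Action, Value, Setting -AutoSize   # before
Set-IEZoneHardening -Mode Disable                                        # or -Mode Prompt
Get-IEZoneState | Format-Table Zone, Action, Value, Setting -AutoSize   # after
Test-IEZoneHardened                                                      # True once nothing is set to Enable
```

Run the read-back after the change rather than trusting the write: if a Group Policy object manages these zones, the values under HKCU are ignored and the HKLM policy key is what has to be changed. This zone hardening is a stopgap; it blocks the script that triggers the bug but does not remove it, so the Fix it and the eventual update still need to be applied.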