As far as internet browsers go, Internet Explorer has always been one of the most consistently vulnerable. If you insist on using the browser, however, it is vital to know that Microsoft just released a new zero day patch. The patch was for vulnerability CVE-2016-3351, which was uncovered by researchers at Proofpoint and Trend Micro. Before the patch, two major malvertising campaigns were carried out by the groups AdGholas and GooNky.
The basic idea behind the CVE-2016-3351 vulnerability, according to DarkReading’s Jai Vijayan, is that it’s “a way to identify and avoid systems belonging to security researchers and vendors while letting them target ordinary users with a high degree of efficiency.” A Proofpoint report detailed how this occurs, showing that a MIME check allows for various systems with shell extension associations like .py, .pcap, and .saz to be filtered out. This leads to “systems running traffic capture tools and applications such as Fiddler and Python that are frequently found on endpoints used by researchers, vendors, and developers” coming under attack. The main attack resulted from baiting users into visiting malicious sites, which then infected machines with various trojans.
The really perplexing part of this particular patch is that Microsoft has known about CVE-2016-3351 since last year. The company did not act on it initially as it was determined that that there was not a great threat from it. Based on this patch and the preceding attacks due to it, it turns out Microsoft was very wrong in its analysis. To prevent further incidents, or at least reduce their likelihood in the future, Microsoft will have to re-think its approach to vulnerabilities. As Proofpoint’s report states, “software vendors need to maintain comprehensive patching regimens, organizations and users must rethink patching prioritizations, and researchers need to look for new avenues to detect malicious activity.”
Because users rely on company patches to keep them safe from threat actors, Microsoft and other software makers must do a better job.
Photo credit: Proofpoint