While Microsoft is still working to patch the recently reported zero-day vulnerability targeting Microsoft Windows and Office products, another critical flaw has emerged. The new security threat affects Internet Explorer versions 7 through 10.
Over the weekend, FireEye, a security platform provider, has submitted a report to their blog that digs into the details of the new liability.
FireEye reports:
This payload has been identified as a variant of Trojan.APT.9002 (aka Hydraq/McRAT variant) and runs in memory only. It does not write itself to disk, leaving little to no artifacts that can be used to identify infected endpoints.
Attacks can be blocked by installing the latest version of Microsoft's Enhanced Mitigation Experience Toolkit, as Microsoft has not yet officially publicized the newly reported vulnerability.
Be ready and read through FireEye's full explanation about the latest active attacks:
Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method
UPDATE
Microsoft has now stated publicly that they are aware of this vulnerability and have already prepared to release the fix as part of “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The update will be available to rollout on November 12, 2013.
Read the full statement: ActiveX Control issue being addressed in Update Tuesday
