Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
"FixIt" Patch for CVE-2012-4792 Bypassed
Last Updated: 2013-01-04 23:36:34 UTC
by Guy Bruneau (Version: 1)
On the 1 Jan 2013, Johannes posted a diary on a Microsoft FixIt made available for IE as a way of mitigating the CVE-2012-4792 zero day attack. Researchers at Exodus Intelligence reported today they have developed a new attack that bypasses the FixIt issued by Microsoft. They were able to bypass and compromised a fully-patched system using some variation of the exploit published this week.
You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.
[1] https://isc.sans.edu/diary.html?storyid=14788
[2] http://blog.exodusintel.com/2013/01/04/bypassing-microsofts-internet-explorer-0day-fix-it-patch-for-cve-2012-4792/
[3] https://isc.sans.edu/diary.html?storyid=14797
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Comments
New Comments closed for all Diaries older than two(2) weeks
Please send your comments to our Contact Form
Diary Archives
