Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: "FixIt" Patch for CVE-2012-4792 Bypassed - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
"FixIt" Patch for CVE-2012-4792 Bypassed

On the 1 Jan 2013, Johannes posted a diary on a Microsoft FixIt made available for IE as a way of mitigating the CVE-2012-4792 zero day attack. Researchers at Exodus Intelligence reported today they have developed a new attack that bypasses the FixIt issued by Microsoft. They were able to bypass and compromised a fully-patched system using some variation of the exploit published this week.

You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu


417 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!