Security News > 2021 > February > Vendor Ships Unofficial Patch for IE Zero-Day Vulnerability
Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer that North Korean hackers are believed to have exploited in a campaign targeting security researchers.
South Korean security vendor ENKI published a report on the IE zero-day in early February, claiming that North Korean hackers leveraged it to target its researchers with malicious MHTML files leading to drive-by downloads of malicious payloads.
Microsoft has confirmed receiving a report on the vulnerability through an "Incorrect channel," and said that it was committed to investigate the report and deliver a patch as soon as possible.
On Thursday, ACROS Security announced that an unofficial patch for the vulnerability is now available through its 0patch service.
To address the bug, the unofficial patch no longer allows for "An HTML Attribute value to be an object." With only 5 or 6 CPU instructions, the patch should fully prevent exploitation, ACROS Security says.
The first batch of patches is being delivered to Windows systems that run the January 2021 Patch Tuesday updates and to those last updated on January 2020.
News URL
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)