All the latest UK technology news, reviews and analysis

Microsoft combats SnowMan hackers with rush fix for Internet Explorer

20 Feb 2014

Microsoft has issued a rush fix for a vulnerability in its Internet Explorer web browser being actively targeted by Operation SnowMan hackers.

The temporary fix is available for download now on Microsoft's support page. It works by instructing affected services to enter a 'restricted' mode that blocks the attackers' movements.

"By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability," read the advisory.

The Operation SnowMan campaign was uncovered by security firm FireEye last week, when researchers spotted hackers trying to infiltrate US military veterans website

The attack leveraged vulnerabilities in Microsoft services to break into its victims' systems. As explained by Microsoft: "The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

The advisory warned that the fix is a temporary one and Microsoft is still working on a more permanent solution.

"The Fix it solution that's described here is not intended as a replacement for any security update. We recommend that you always install the latest security updates," read the advisory.

Microsoft releases security patches on the second Tuesday of every month, although it is currently unclear whether the full fix will be included in its March update. The only details Microsoft offered were: 

"Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."

Operation SnowMan is one of many advanced cyber campaigns uncovered this year. Kaspersky Labs researchers reported uncovering a nefarious 'Mask' campaign earlier in February.

The researchers believe the Mask campaign has infected at least 380 governments and businesses across 31 countries including the UK.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?

Popular Threads

Powered by Disqus
Galaxy S5 vs One M8 video review

Galaxy S5 vs HTC One M8 video review

We see which Android contender is best for business

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery


iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

CRM Business Analyst - Microsoft Dynamics CRM 4.0/2011

CRM Business Analyst - Microsoft Dynamics CRM 4.0/2011...

Senior Business Analyst

Senior Business Analyst ITIL, BA, Software Bridgend £50...

UX Designer

UX Designer required for an initial 6 month contract...

DV Cleared Technical Consultants

An established Consultancy working across the Government...
To send to more than one email address, simply separate each address with a comma.