All the latest UK technology news, reviews and analysis


Microsoft combats SnowMan hackers with rush fix for Internet Explorer

20 Feb 2014
beach-snowman

Microsoft has issued a rush fix for a vulnerability in its Internet Explorer web browser being actively targeted by Operation SnowMan hackers.

The temporary fix is available for download now on Microsoft's support page. It works by instructing affected services to enter a 'restricted' mode that blocks the attackers' movements.

"By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability," read the advisory.

The Operation SnowMan campaign was uncovered by security firm FireEye last week, when researchers spotted hackers trying to infiltrate US military veterans website VFW.org.

The attack leveraged vulnerabilities in Microsoft services to break into its victims' systems. As explained by Microsoft: "The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

The advisory warned that the fix is a temporary one and Microsoft is still working on a more permanent solution.

"The Fix it solution that's described here is not intended as a replacement for any security update. We recommend that you always install the latest security updates," read the advisory.

Microsoft releases security patches on the second Tuesday of every month, although it is currently unclear whether the full fix will be included in its March update. The only details Microsoft offered were: 

"Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."

Operation SnowMan is one of many advanced cyber campaigns uncovered this year. Kaspersky Labs researchers reported uncovering a nefarious 'Mask' campaign earlier in February.

The researchers believe the Mask campaign has infected at least 380 governments and businesses across 31 countries including the UK.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
4%
10%
4%
22%
4%
43%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Junior Developer - Manchester - up to £25,000

Graduate Web Developer (C/C++, HTML, CSS, JavaScript...

Logistics Systems Project Manager - WMS

Logistics Systems Project Manager - Leading retailer...

Supply Chain Project/ Programme Manager

Supply Chain, Project Manager, Programme Manager, Consultancy...

Incident Manager - Birmingham - £400 - £500 per day

Incident Manager - Birmingham - £400 - £500 per day...
To send to more than one email address, simply separate each address with a comma.