- SMB Spotlight
Microsoft has issued a rush fix for a vulnerability in its Internet Explorer web browser being actively targeted by Operation SnowMan hackers.
The temporary fix is available for download now on Microsoft's support page. It works by instructing affected services to enter a 'restricted' mode that blocks the attackers' movements.
"By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability," read the advisory.
The Operation SnowMan campaign was uncovered by security firm FireEye last week, when researchers spotted hackers trying to infiltrate US military veterans website VFW.org.
The attack leveraged vulnerabilities in Microsoft services to break into its victims' systems. As explained by Microsoft: "The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
The advisory warned that the fix is a temporary one and Microsoft is still working on a more permanent solution.
"The Fix it solution that's described here is not intended as a replacement for any security update. We recommend that you always install the latest security updates," read the advisory.
Microsoft releases security patches on the second Tuesday of every month, although it is currently unclear whether the full fix will be included in its March update. The only details Microsoft offered were:
"Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
Operation SnowMan is one of many advanced cyber campaigns uncovered this year. Kaspersky Labs researchers reported uncovering a nefarious 'Mask' campaign earlier in February.
The researchers believe the Mask campaign has infected at least 380 governments and businesses across 31 countries including the UK.