0DAYS R US —

Microsoft pledges temporary fix for critical IE bug under attack

Promise comes as 3 more attack sites are spotted exploiting the vulnerability.

Microsoft plans to release a temporary fix for a critical Internet Explorer vulnerability that attackers are exploiting to install malicious software when unsuspecting end users visit booby-trapped websites.

Microsoft's announcement on Tuesday afternoon that it will make available a temporary patch known as a Fixit in the next few days came as a security researcher spotted three more websites that have exploited the vulnerability. The sites include nod32XX.com, led-professional-symposium.org, and defensenews.in, an India-based news portal dedicated to coverage of the defense industry. The sites install the Poison Ivy and PlugX remote access trojans, which allow attackers to remotely issue commands and monitor e-mail and instant message communications on infected machines.

"It seems the guys behind this 0day were targeting specific industries," Blasco wrote in a blog post published Tuesday. "We’ve seen that they compromised a news site related to the defense industry and they created a fake domain related to LED technologies that can be used to perform spearphishing campaigns to those industries."

Yunsun Wee, director of Microsoft's Trustworthy Computing group, didn't address the number of sites targeting the previously undocumented flaw, but her post also suggested the attacks were targeted.

"While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," she wrote. It won't disrupt the IE browsing experience and will be installed just by clicking a button on a Microsoft webpage.

In a previous post Wee recommended users protect themselves against attack by installing the Enhanced Mitigation Experience Toolkit. Known as EMET, it adds advanced security defenses on older Windows versions and more strictly enforces them on newer ones. Microsoft has more about the vulnerability, which affects all supported versions of Internet Explorer, here.

The posts come as the German government recommended people curtail their use of Internet Explorer until a fix is available, researchers with antivirus provider Sophos reported, citing an advisory issued by the country's Federal Office for Information Security.

Update:On Wednesday afternoon, Microsoft issued the fixit, which is available here. The company said it would be releasing a patch for the issue on Friday.

Channel Ars Technica