Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer (IE) that North Korean hackers are believed to have exploited in a campaign targeting security researchers.
South Korean security vendor ENKI published a report on the IE zero-day in early February, claiming that North Korean hackers leveraged it to target its researchers with malicious MHTML files leading to drive-by downloads of malicious payloads.
Microsoft has confirmed receiving a report on the vulnerability through an “incorrect channel,” and said that it was committed to investigate the report and deliver a patch as soon as possible.
However, a fix for this zero-day was not included in the security updates that Microsoft released last week as part of its February 2021 Patch Tuesday.
On Thursday, ACROS Security announced that an unofficial patch for the vulnerability is now available through its 0patch service.
“We have just issued the first batch of micropatches for the Internet Explorer HTML Attribute nodeValue Double Free 0day, which affects all Windows workstations and servers from (at least) Windows 7 and Server 2008 R2 to the very latest supported versions, even if fully updated,” the company announced.
The company said that for the release of this patch it worked together with ENKI, which shared their proof-of-concept to help with the development of a fix.
“The vulnerability is a double free, triggered by making Internet Explorer clear an HTML Attribute value twice,” ACROS Security revealed.
The exploit that ENKI discovered leads to the execution of arbitrary ..
Support the originator by clicking the read the rest link below.
