Microsoft has successfully released a ‘Fix it solution’ for the recently discovered targeted attack, CVE-2012-4792. This attack was specifically targeted at users of Internet Explorer versions 6, 7 and 8. Users of Internet Explorer 9 and 10 were not affected.
The attack exploited a vulnerability that allowed an attacker to hijack a PC by gaining remote code execution on it. The vulnerability could be exploited when Internet Explorer accessed objects in memory that had previously been deleted (or improperly allocated). Attackers had found ways to design websites that would exploit this vulnerability. However, they did need to use social engineering tricks to get victims to visit those pages in the first place. Additionally, malicious downloads and email attachments could also be manipulated to exploit this vulnerability. Once compromised, a machine could run arbitrary code sent by the attacker from remote servers.
Microsoft has now released a Fix it solution for this issue, so troubled Internet Explorer users can rest easy. This solution is an out-of-cycle security update for the benefit of users and can be applied with a single click. The update does not require a system reboot, and it is not a replacement for any further security updates that Microsoft will release.
Ideally, users are advised to use Internet Explorer 9 or 10. Users who are constrained to older versions should use this security tool to prevent this exploit. It is also recommended that they apply all OS and software updates, especially for their antivirus and system protection software.