Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: "FixIt" Patch for CVE-2012-4792 Bypassed SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
"FixIt" Patch for CVE-2012-4792 Bypassed

On the 1 Jan 2013, Johannes posted a diary on a Microsoft FixIt made available for IE as a way of mitigating the CVE-2012-4792 zero day attack. Researchers at Exodus Intelligence reported today they have developed a new attack that bypasses the FixIt issued by Microsoft. They were able to bypass and compromised a fully-patched system using some variation of the exploit published this week.

You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.

[1] https://isc.sans.edu/diary.html?storyid=14788
[2] http://blog.exodusintel.com/2013/01/04/bypassing-microsofts-internet-explorer-0day-fix-it-patch-for-cve-2012-4792/
[3] https://isc.sans.edu/diary.html?storyid=14797

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

475 Posts
ISC Handler
Jan 4th 2013

Sign Up for Free or Log In to start participating in the conversation!