Already a Busy Year in Web Defense for Microsoft and Adobe

It’s been an ugly month over at Microsoft’s (News - Alert) security development, riddled with news of attacks through Internet Explorer security holes, including one targeting U.S. Veterans around President’s Day. Just after Microsoft addressed more than 30 vulnerabilities with a scheduled Feb. 12 patch release, cybersecurity firm FireEye (News - Alert) discovered a new attack on Feb. 13. The suspected hacker group has some similarities to groups in China; their attack planted backdoors on machines used to visit the U.S. Veterans of Foreign Wars webpage. That attack, dubbed Operation SnowMan, exploited a vulnerability allowing access to objects in memory that were deleted or unallocated.

Just a few days later Microsoft released information about a hole being exploited in both IE 9 and IE 10. The verbiage was the same as FireEye’s discovery: “The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.”

Microsoft released a workaround that IE users should install immediately. (Of course they would prefer if we’d all just get with the program and upgrade to Windows 8.1 and IE 11.)

Microsoft isn’t alone however, with Kapersky Labs announcing an attack discovery earlier this month they called one of the most sophisticated they’ve seen yet. The Mask targets a flaw in Adobe’s (News - Alert) Flash Player and it apparently began in 2007, impacting approximately 380 corporations and governments across thirty-one nations. One security analyst said this well-coordinated attack has markings indicating it could be state sponsored but now that the information is out there it is only a matter of time before criminals begin exploiting the flaw. Consumers are encouraged to install all updates and patched from Adobe to protect against their systems.