Microsoft Patch Fixed IE Flaw Used Against U.S. Military - CSO

September 12, 2014

Microsoft Patch Fixed IE Flaw Used Against U.S. Military - CSO

CSO, By Antone Gonsalves

Tucked within Microsoft's September patch release was a fix for a vulnerability that had been used this year in a sophisticated attack aimed at stealing U.S. military secrets.

A proof-of-concept (PoC) exploit for the XMLDOM vulnerability, which Microsoft labeled cve-2013-7331, was first released in April 2013. The PoC was then "re-repurposed and abused" in the February attack against the U.S. Veterans of Foreign Wars' website, Kurt Baumgartner, principal security researcher, Americas, for Kaspersky Lab, reported Thursday.

Experts believe the attackers were hoping to infect the computers of active military personnel visiting the site in order to eventually steal valuable information. The VFW has 1.4 million members, including 75,000 who are still active. Read more.

Microsoft Patch Fixed IE Flaw Used Against U.S. Military - CSO

Kaspersky

Microsoft Patch Fixed IE Flaw Used Against U.S. Military - CSO

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Share with your friends

Microsoft Patch Fixed IE Flaw Used Against U.S. Military - CSO

Microsoft Patch Fixed IE Flaw Used Against U.S. Military - CSO

About Kaspersky

Related Articles Press Releases

Kaspersky Lab Joins Forces with Merchant Risk Council to Help Combat eCommerce Fraud

Kaspersky Lab North America Recognized on CRN’s 2018 Security 100 List

Kaspersky Lab North America Releases its Inaugural Corporate Social Responsibility Report

Kaspersky Lab Appeals U.S. Department of Homeland Security Debarment

Poor Security Practices put Cloud-Driven Business Growth and Cost Savings at Risk

Kaspersky Lab Story of the Year 2017: More Than One Quarter of Ransomware Attacks Target Businesses

Kaspersky Lab Survey: IT Security Experts Uncertain on How to Combat Targeted Attacks

Kaspersky Lab Creates Pop-Up Shop Experience Using New Currency to Showcase the Value of Personal Data

Kaspersky Lab Enters Endpoint Detection and Response Market with New Solution

Kaspersky Lab North America Champions National Cyber Security Awareness Month 2017