"FixIt" Patch for CVE-2012-4792 Bypassed
Last Updated: 2013-01-04 23:36:34 UTC
by Guy Bruneau (Version: 1)
On the 1 Jan 2013, Johannes posted a diary on a Microsoft FixIt made available for IE as a way of mitigating the CVE-2012-4792 zero day attack. Researchers at Exodus Intelligence reported today they have developed a new attack that bypasses the FixIt issued by Microsoft. They were able to bypass and compromised a fully-patched system using some variation of the exploit published this week.
You might want to take a second look at the diary published this week that is using EMET 3.5 as another tool to help defend your Windows systems against various attacks.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu