Microsoft released a temporary fix for the Internet explorer bug that hackers exploited to break the website of the US Department of Labor last week. Attackers can exploit the hole by convincing users to visit compromised websites after clicking a link in an e-mail or Instant Messenger message.
The vulnerability allowed remote code execution on Internet Explorer 8 version and spread to other websites as well, including that of an aerospace company. Affected by the vulnerability were also several security, defense and non-profit organizations, according to The Hacker News.
â€œCVE-2013-1347 MSHTML Shim Workaroundâ€ was offered as a solution to prevent dangerous scenarios butÂ doesn’tÂ replace regular security updates.
â€œMicrosoft is aware of attacks that attempt to exploit this vulnerability,â€ Microsoft representatives said on the Security TechCenter. â€œThe vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.â€
Microsoft also said the vulnerabilityÂ doesn’tÂ affect other versions of Internet Explorer. The company is investigating the issue and monitoring the threat landscape to take action against malicious sites that attempt to exploit the bug.
Last week, the US Department of Labor website was hacked and used to disseminate malware that collected data from users and sent it to a remote command-and-control server.