Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792

Update: After we reported our bypasses to Microsoft, they released the MS13-008 bulletin to patch CVE-2012-4792 officially.

After posting our analysis of the current 0day in Internet Explorer, which was used in a “watering hole” style attack hosted on the Council for Foreign Relations website, we decided to take a look at the Fix It patch made available by Microsoft to address the vulnerability. After less than a day of reverse engineering, we found that we were able to bypass the fix and compromise a fully-patched system with a variation of the exploit we developed earlier this week.

We have provided details of the bypass to customers of our intelligence feeds and will notify Microsoft of the issue. In keeping with the practice of coordinated vulnerability disclosure, we intend to update this post with details when Microsoft has addressed the problematic patch.

For more information, keep an eye on this post or contact us to inquire about our offerings.

36 thoughts on “Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792”

  35. I don’t know if it’s just me or if everybody else is experiencing issues with your website. It appears like some of the text within your content is running off the screen. Can somebody else please comment and let me know if this is happening to them as well? This could be a problem with my web browser because I’ve had this happen before.
    Kudos
