"... Even though a security company has revealed that it had managed to bypass Microsofts one-click Fix it solution for Internet Explorer 8 and older, the Redmond-based software firm says that users are fully protected if they deploy the patch.
Weve reviewed the information and are working on an update, which we will make available to all customers on IE6-8 as soon as it is ready for distribution, said Dustin Childs, group manager, Microsoft Trustworthy Computing, according to ThreatPost.
In the meantime, the current Fix it, mitigations and workarounds available in Security Advisory 2794220 fully protect against all known active attacks. We also continue to encourage customers to upgrade their browsers to IE9-10, which are not affected by this issue.
While Internet Explorer 9 and Internet Explorer 10 are not affected by the issue, security vendors across the globe are confirming that more websites have been compromised in order to exploit the flaw.
The whole point of the waterhole tactic is that they believe such sites, although usually not with high numbers of users, will have interesting visitors, said Jindrich Kubec, Avast Virus Labs director of Threat Intelligence. At least two of the sites use the same spyware binary with exactly same configuration. The rest look a bit different, but we havent investigated it thoroughly yet...."
»news.softpedia.com/news/ ··· 47.shtml