A new Internet Explorer Zero-day (CVE-2012-4792) was released finally released publicly after it being private for a couple weeks.
CVE-2012-4792 was first discovered by FireEye security company. Sometime in December, Council on Foreign Relations (CFR)’s website was compromised, and then began hosting malicious content from there. The 0day exploit was written to target English, Chinese (China & Taiwan), Japanese, Korean and Russian-based Windows users. Who would usually visit the CFR website? Please feel free to guess.
If you are using IE 9 or IE 10, today’s is your lucky day, because you are not vulnerable to this. For those who are using older versions of IE such as 8, you are at risk.
In addition, here’s Microsoft’s official advisory for CVE-2012-4792 that you should read: http://technet.microsoft.com/en-us/security/advisory/2794220
