Microsoft’s quick patch last week didn’t help too much, researchers at Exodus Intelligence reported today they have developed a bypass for the fix it that Microsoft released as a temporary mitigation.
The new exploit that was developed, beat a fully patched Windows system running IE 8, the same version of the browser exploited by malware used in watering hole attacks against several political and manufacturing websites, including the Council on Foreign Relations in the U.S., and Chinese human rights site Uygur Haber Ajanski.
Brandon Edwards, vice president of Intelligence at Exodus, stated his firm’s investigators looked at the Fix It to find out how much of the vulnerability it prevented. “Usually, there are multiple paths one can take to trigger or exploit a vulnerability,” Edwards said. “The Fix It did not prevent all those paths.”