Sus/20121889-A

By JubileeX in Trojans

Sus/20121889-A is one of two parts of a recently disclosed vulnerability in Microsoft products. As of June 19th, this vulnerability has still not been patched in Microsoft Updates. This security vulnerability has been named CVE-2012-1889 and is detected as two different exploits by some security applications: Exp/20121889-A and Sus/20121889-A.

A Brief Timeline of the Sus/20121889-A Vulnerability

Along with a warning of state-sponsored malware attacks, Google also warned against a vulnerability in the Microsoft XML component that was leading to malware attacks in the wild. On May 30th, Google warned Microsoft about this vulnerability and they are now working together to release a permanent solution. Using this vulnerability, criminals can gain unauthorized access to a computer system in order to install malware or force the victim's computer system to download malicious files. This vulnerability is limited to Microsoft products, specifically the Internet Explorer web browser and the Microsoft Office Suite.

How the Sus/20121889-A Vulnerability Can Be Used to Attack a Computer System

The Sus/20121889-A vulnerability is actually an uninitialized variable in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This corrupts memory in a way that criminals can exploit in order to execute code on the targeted computer. Criminals craft websites specifically designed to exploit this vulnerability. These attack websites leverage the Sus/20121889-A vulnerability to be able to install malware on the victim's computer system. However, criminals have no way of forcing computer users to visit these attack websites directly. Most of the time, computer users will arrive at one of these websites after falling for social engineering tactics. These usually take the form of malicious email spam and hyperlinks contained in spam email messages, unsolicited instant messages, and social media spam campaigns.

Protecting Yourself from Malware Associated with the Sus/20121889-A Vulnerability

Microsoft has released a temporary solution, a Fix it that can block the attack vector that malware exploiting the Sus/20121889-A vulnerability uses to attack a computer system. ESG security analysts strongly advise all Internet Explorer and Microsoft Office users to download and install this fix in order to stay protected from Sus/20121889-A-related malware until Microsoft releases a permanent solution. As always, it also pays to be very careful about clicking on links contained in unsolicited email messages in order to avoid attack websites of all kinds. Since the Sus/20121889-A vulnerability was only made public in June of 2012, it is also important to update your security software in order to ensure that it will be able to detect websites or malicious files leveraging this vulnerability.

File System Details

Sus/20121889-A may create the following file(s):
# File Name Detections
1. faq.htm
2. deploy.html
3. deployJava.js
4. movie.swf
