Researchers claim they have bypassed Microsoft's Internet Explorer zero-day fix-it patchWritten by Ron on January 05, 2013 - 05:20AM @ronwinbeta
Microsoft issued a temporary Fix-it patch for the vulnerability but now researchers are claiming that they have bypassed the patch and were able to compromise a fully-patched system. "After posting our analysis of the current 0day in Internet Explorer which was used in a “watering hole” style attack hosted on the Council for Foreign Relations website, we decided to take a look at the Fix It patch made available by Microsoft to address the vulnerability. After less than a day of reverse engineering, we found that we were able to bypass the fix and compromise a fully-patched system with a variation of the exploit we developed earlier this week," the researchers stated.
The researchers have notified Microsoft with details of how they were able to bypass the patch and Microsoft is still working on releasing an official patch.