Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents

On March 16th, FireEye discovered a premeditated waterhole campaign that hosts exploits and malware on websites frequented by a specific target group.

Image source: Article
The attack exploits a fresh vulnerability (CVE-2013-1288, MS13-021) in Internet Explorer 8—just four days after Microsoft released a patch.

Why did attackers use a fresh vulnerability? Cost could be a factor. Zero-days tend to be expensive to either research or purchase on black markets.

Has your CU applied this patch?