Oct 1, 2013

Critical Internet Explorer exploit code released in the wild

5:12 PM

READ MORE



Two weeks after zero-day attacks were disclosed, attack code goes mainstream. 

Attack code that exploits a critical vulnerability in all supported versions of Microsoft's Internet Explorer browser has been publicly released.
Monday's release of a module for the Metasploit exploit framework used by security professionals and hackers could broaden the base of attackers who are capable of targeting the flaw. Until now, the bug has been known to be exploited in only a handful of highly targeted attacks aimed mostly at workers in Japanese government agencies and manufacturers. While the attack code has been available to anyone who knows where to find it, its inclusion in the open-source Metasploit could make it easier for some people to use.
Microsoft issued a temporary fix for the browser two weeks ago. The company, which is scheduled to release its next batch of security updates on October 8, hasn't said when it will issue a permanent patch.

READ MORE: New MacBook Pro and Air firmware update addresses battery issues

One of the groups carrying out the attacks is the same one that installed malware on computers belonging to security firm Bit9. The group has planted exploits on compromised websites known to be frequented by government and manufacturing employees. The exploits are used to remotely execute code that installs rootkit-style malware that's used to download sensitive data from the infected machines. While the exploits target versions 8 and 9 of IE running on Windows XP and Windows 7 respectively, the "use after free" vulnerability is present in IE versions 10 and 11 as well, Microsoft has said.

READ MORE: FCC says TracFone and other cell companies defrauded US program for the poor

Out of an abundance of caution, Windows users should be sure to install the temporary fix it regardless of the browser they regularly use.
Courtesy: arstechnica

Written by

Learn Programming Language, Web Development and more Online without any cost!!!

0 comments:

Post a Comment

 

© 2013 Technology Update News!. All rights resevered. Designed by BDpython

Back To Top