IE exploit code released
This potentially increases the risk for widespread attacks.
Meanwhile, the German federal security agency issued a statement on Friday urging its citizens to use an alternative browser to IE until a patch arrives.
“We still only see limited targeted attacks affecting Internet Explorer 6,” Jerry Bryant, senior security program manager lead at the Microsoft Security Response Center, said in a statement. “While newer versions of Internet Explorer are affected by this vulnerability, mitigations exist that make exploitation much more difficult.”
McAfee researchers have seen references to the code on mailing lists and confirmed that it has been published on at least one Web site, the company’s Chief Technology Officer George Kurtz wrote in his blog. “The exploit code is the same code that McAfee Labs had been investigating and shared with Microsoft earlier this week,” he said.
“The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability,” Kurtz wrote. “The now-public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems. Popular penetration testing tools are already being updated to include this exploit.”
While IE 6 was running on the computers attacked, all versions are vulnerable.
Microsoft issued a warning on Thursday about the new hole and said it was working on a patch. The vulnerability affects IE 6, 7 and 8 on all the modern versions of Windows, including Windows 7, according to Microsoft’s advisory. Microsoft said IE 6 was the browser version being used on the computers that were targeted in the attacks. (Source: CNET)
Related articles by Zemanta
- McAfee Calls Operation Aurora A “Watershed Moment In Cybersecurity”, Offers Guidance (techcrunch.com)
- Google hack attack code hits the web (v3.co.uk)
- Google Hack Attack Was Ultra Sophisticated, New Details Show (wired.com)
- Microsoft confirms IE zero-day behind Google attacks (sfgate.com)
Posted on January 17, 2010, in attacks, Cybersecurity, Hacking, Microsoft, Security breach, Web, Windows and tagged Add new tag, Google, Internet Explorer, Internet Explorer 6, McAfee, McAfee Labs, Microsoft, Windows 7, Zero day attack. Bookmark the permalink. Comments Off on IE exploit code released.