IE exploit code released

Internet Explorer Mobile
Image via Wikipedia

This potentially increases the risk for widespread attacks.

Exploit code for the zero-day hole in Internet Explorer linked to the China-based attacks on Google and other companies has been released on the Internet, Microsoft and McAfee warned on Friday.

Meanwhile, the German federal security agency issued a statement on Friday urging its citizens to use an alternative browser to IE until a patch arrives.

“We still only see limited targeted attacks affecting Internet Explorer 6,” Jerry Bryant, senior security program manager lead at the Microsoft Security Response Center, said in a statement. “While newer versions of Internet Explorer are affected by this vulnerability, mitigations exist that make exploitation much more difficult.”

McAfee researchers have seen references to the code on mailing lists and confirmed that it has been published on at least one Web site, the company’s Chief Technology Officer George Kurtz wrote in his blog. “The exploit code is the same code that McAfee Labs had been investigating and shared with Microsoft earlier this week,” he said.

“The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability,” Kurtz wrote. “The now-public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems. Popular penetration testing tools are already being updated to include this exploit.”

While IE 6 was running on the computers attacked, all versions are vulnerable.

Microsoft issued a warning on Thursday about the new hole and said it was working on a patch. The vulnerability affects IE 6, 7 and 8 on all the modern versions of Windows, including Windows 7, according to Microsoft’s advisory. Microsoft said IE 6 was the browser version being used on the computers that were targeted in the attacks. (Source: CNET)

Reblog this post [with Zemanta]

About brvanlanen

Just a thirty-something guy currently hanging it up in the greater Green Bay area. My post-high school educational background is mainly in the Information Technology field. Specifically I have an A.A.S. in Computer Network Systems and a B.S. in Information Systems Security, both from ITT Technical Institute, in addition to A and MCDST certifications. In my free time I enjoy spending time with my family, cooking and sports. My Christian faith is also important to me as a Missouri-Synod Lutheran and all my children attend a Lutheran grade school. When it comes to political leanings I am a conservative first and foremost which you will discover rather quickly. As for sports I am a huge fan of the Green Bay Packers.

Posted on January 17, 2010, in attacks, Cybersecurity, Hacking, Microsoft, Security breach, Web, Windows and tagged , , , , , , , , . Bookmark the permalink. Comments Off on IE exploit code released.

Comments are closed.

%d bloggers like this: