Internet Explorer Zero Day Vulnerability
Crackers have discovered and are using a new vulnerability in Internet Explorer; computer security experts recommend stopping using IE until Microsoft releases a patch.
As Eric Romang, IT security consultant from ZATAZ.com from Luxembourg, writes in his blog , malicious code was found on one of the infected servers belonging to the group behind the recent Java attacks ( these are comment per. ). The Metasploit group, which worked on this vulnerability together with Eric Romang, has already published an exploit .
The victim's computer is compromised by simply visiting the infected site, which gives the attacker the same rights on the victim's computer as the current user, as written by sinn3r, the developer of the exploit from the Metasploit group. Vulnerability is found in Internet Explorer 7, 8 and 9 browsers on all supported versions of Windows OS.
')
Metasploit development manager Tod Beardsley (Tod Beardsley) believes that this vulnerability has been known to attackers for quite a long time to talk about a large number of potential victims - called a figure of 41% of North American Internet users.
Since Microsoft has not yet published a fix; IE users are strongly advised to temporarily switch to other browsers. Security Watch (where this news was published - approx. Lane ) contacted Microsoft about this and promises to publish their answer.
At the moment, according to AlienVault Lab researcher Jamie Blasco, the exploits found on the Internet only target IE versions 7 and 8, and only Windows XP.
As Eric Romang, IT security consultant from ZATAZ.com from Luxembourg, writes in his blog , malicious code was found on one of the infected servers belonging to the group behind the recent Java attacks ( these are comment per. ). The Metasploit group, which worked on this vulnerability together with Eric Romang, has already published an exploit .
The victim's computer is compromised by simply visiting the infected site, which gives the attacker the same rights on the victim's computer as the current user, as written by sinn3r, the developer of the exploit from the Metasploit group. Vulnerability is found in Internet Explorer 7, 8 and 9 browsers on all supported versions of Windows OS.
')
Metasploit development manager Tod Beardsley (Tod Beardsley) believes that this vulnerability has been known to attackers for quite a long time to talk about a large number of potential victims - called a figure of 41% of North American Internet users.
Since Microsoft has not yet published a fix; IE users are strongly advised to temporarily switch to other browsers. Security Watch (where this news was published - approx. Lane ) contacted Microsoft about this and promises to publish their answer.
At the moment, according to AlienVault Lab researcher Jamie Blasco, the exploits found on the Internet only target IE versions 7 and 8, and only Windows XP.
Source: https://habr.com/ru/post/151671/
All Articles