resource center
  See your link here
|
IDG News Service - Developers of the open-source Metasploit penetration testing toolkit have released code that can compromise Microsoft's Internet Explorer browser, but the software is not as reliable as first thought.
The code exploits an Internet Explorer bug that was disclosed last Friday in a proof-of-concept attack posted to the Bugtraq mailing list. That first code was unreliable, but security experts worried that someone would soon develop a better version that would be adopted by cyber-criminals.
The original attack used a "heap-spray" technique to exploit the vulnerability in IE. But for a while Wednesday, it looked as though the Metasploit team had released a more reliable exploit.
They used a different technique to exploit the flaw, one pioneered by researchers Alexander Sotirov and Mark Dowd, but Metasploit eventually pulled its code.
"The bug itself is unreliable," Metasploit developer HD Moore said in a Twitter message Wednesday. The Metasploit code tried to exploit the flaw in two ways, one of which was "problematic," and the other of which was the heap-spray technique that had already been ineffective.
Microsoft said via e-mail Wednesday afternoon that it was "currently unaware of any attacks in the wild using the exploit code or of any customer impact."
That's good news for IE users, as a reliable attack would affect a lot of people. The two versions of the browser that are vulnerable to the flaw -- IE 6 and IE 7 -- are used by about 40 percent of Web surfers.
The company has issued a Security Advisory that offers workarounds to guard against the flaw. According to Microsoft, the newer IE 8 browser is not affected by it.
The flaw lies in the way IE retrieves certain Cascading Style Sheet (CSS) objects, used to create a standardized layout on Web pages. Concerned IE users can upgrade their browser or disable JavaScript to avoid an attack.
IDG.net
Death to PST Files
Download Now
Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!
A Green Architectural Strategy That Puts IT in the Black
Levergage green computing across your data center. Read more now.
Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.
Quantifying the Business Value of VMware View
Learn why you should invest in a centralized virtual desktop.
WAN Optimization as a Managed Service: More than Network Cost Savings
View this Webcast Now!
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
Asia-Pacific Enterprise Network Solutions
Learn through this Webcast how your business can achieve reliability, performance and value in hard-to-reach locations within the Asia-Pacific region.
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Mainsoft Webcast w/ Forrester Research: Drive SharePoint Adoption in Lotus Notes Shops
How can you drive mainstream user adoption of Microsoft SharePoint when your users rely on Lotus Notes?
Sign up to receive updates on the latest Networking and Internet resources
Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
