Update: Hackers exploit new IE zero-day vulnerability
HD Moore, maker of Metasploit, urges users to ditch IE7, IE8 and IE9 until Microsoft fixes critical flaw
Computerworld - Attackers are exploiting a "zero-day" vulnerability in Microsoft's Internet Explorer (IE) and hijacking Windows PCs that cruise to malicious or compromised websites, security experts said Monday.
Microsoft confirmed the IE bug, saying, "We're aware of targeted attacks potentially affecting some versions of Internet Explorer," but did not set a timetable for fixing the flaw.
The unpatched bug in IE7, IE8 and IE9 can be leveraged in Windows XP, Vista and Windows 7, according to Rapid7, the security firm that also maintains the open-source Metasploit penetration-testing toolkit.
Rapid7 urged IE users to ditch the browser and rely on a rival's application.
"Since Microsoft has not released a patch for this vulnerability yet, users are strongly advised to switch to other browsers, such as [Google's] Chrome or [Mozilla's] Firefox, until a security update becomes available," Rapid7 advised in a Monday post to its Metasploit blog.
Frequent Metasploit contributor Eric Romang stumbled upon the IE exploit when he probed one of the servers he claimed was operated by the "Nitro" hacker gang, which used a zero-day in Oracle's Java to compromise PCs last month.
The Nitro gang was first uncovered in July 2011 when Symantec said the group had targeted an unknown number of companies and infected at least 48 firms, many of them in the chemical, advanced materials and defense industries.
Symantec theorized that Nitro operated from the People's Republic of China, but Chinese government officials denied that it was party to the attacks.
The August 2012 attacks, which exploited a then-unpatched flaw in Java, prompted Oracle to ship one of its rare "out-of-band," or emergency, updates. Apple also rushed out a fix for Java 6, the version used by OS X Snow Leopard and OS Lion, to protect those users.
Microsoft said that IE10, the version bundled with Windows 8 -- and which is to be offered to Windows 7 users at some point -- is not affected.
HD Moore, chief security officer at Rapid7 and creator of Metasploit, said he and his team had not yet tested IE10 on Windows 8. That testing is next on his to-do list. "But I would guess 'Yes,' that it can be exploited," Moore said in an interview today.
Moore was hesitant to pin responsibility on the Nitro gang, as Romang had, saying there are other possibilities. "Multiple groups may be sharing these zero-days, with one passing it along to others when it's done using it," he said.
It's also possible that the web server hosting the IE exploit code was simply a dumping ground, added Moore, who noted that researchers monitoring the rogue system have found malware on it since June.
- Hackers hit more businesses through remote access accounts
- P.F. Chang's post-breach move to manual processing is telling
- Microsoft withholds monster IE update from Windows 8.1 dawdlers
- In baffling move, TrueCrypt open-source crypto project shuts down
- 'Oleg Pliss' hack makes for a perfect teachable IT moment
- Give IE the heave-ho until Microsoft patches zero-day
- Hackers find first post-retirement Windows XP-related vulnerability
- Researcher claims two hacker gangs exploiting unpatched IE bug
- Update: Third of Internet Explorer users at risk from attacks
- Microsoft plans another short patch slate for next week, but finds a few XP bugs to crush
- The State of Video Conferencing Security Video conferencing equipment, found in almost every boardroom around the world, may be opening up companies to serious security breaches. This paper explains...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- What are the desktop virtualization market trends and how can you successfully deploy your solution? You've probably heard about desktop virtualization -- and some of its benefits -- things like tighter security, streamlined management and lower costs. But...
- The Value of Symantec NetBackup Appliances In this video, Symantec's Shelley Schmokel, Principal Product Manager for NetBackup Appliances, talks about the NetBackup Integrated Appliances and how they deliver enterprise-class... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!