Public release of IE exploit could spark widespread attacks
Exploit module for yet-to-be-patched Internet Explorer vulnerability added to Metasploit
IDG News Service - An exploit for a vulnerability that affects all versions of Internet Explorer and has yet to be patched by Microsoft has been integrated into the open-source Metasploit penetration testing tool, a move that might spur an increasing number of attacks targeting the flaw.
The vulnerability is known as CVE-2013-3893 and was announced by Microsoft on Sept. 17 after the company became aware of its use in targeted attacks. The company released a temporary "Fix It" tool that customers can download and install to address the flaw, but no permanent patch has been released through Windows Update.
The vulnerability affects all versions of Internet Explorer and can be exploited to execute arbitrary code on computers when IE users visit a specially crafted Web page hosted on a malicious or compromised website.
Security researchers have issued warnings about ongoing attack campaigns that have been using the vulnerability to target organizations in Japan and Taiwan since late August or even July, according to some reports.
Since August 29, when an exploit for this vulnerability was first detected as part of an attack dubbed "Operation DeputyDog," the exploit was adopted by at least two more APT (advanced persistent threat) groups and used in targeted attacks, according to a new report by researchers from security firm FireEye.
On Monday, exploit developer and Metasploit contributor Wei Chen released a CVE-2013-3893 exploit module for the popular penetration testing tool. Chen noted that the module is based on the exploit code that's already being used by attackers.
The inclusion of the exploit in Metasploit is significant, because while this tool is primarily aimed at security professionals, cybercriminals have made a habit of borrowing exploits from it and using them in their own attacks.
"As long as cybercriminals get access to the exploit code made publicly available we will see instances of the exploit being use by regular cybercriminals and probably we will find the exploit in some of the most famous Exploit Kits," said Jaime Blasco, manager of the research team at security firm AlienVault, Saturday via email. "I'm sure if Metasploit includes this exploit we will see an increase on widespread exploitation."
The exploit kits Blasco refers to are commercial crimeware tools like Black Hole that are available to a large number of cybercriminals and which are generally used in attacks that have a much wider scope than APT campaigns.
It's highly possible that the exploit is already being used as part of such exploit kits, said Metasploit engineering manager Tod Beardsley, Tuesday via email. The exploit used in the new Metasploit module was obtained from existing attacks and there are similarities between it and prior exploits known to be used in such tools.
In particular, the exploit contains system fingerprinting code that's not actually used, which suggests the original author is at least familiar with prior exploits found in exploit packs, Beardsley said.
According to Chen, the junk fingerprinting code appears to have been reused in various exploits since at least 2012.
Microsoft's next batch of security updates is scheduled for Oct. 8, but it's not clear if the company will issue a permanent patch for this particular vulnerability at that time.
Beardsley hopes it will. "The Fix It is effective, so I hope it would be straightforward to patch properly," he said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Malware and Vulnerabilities White Papers | Webcasts