September 18, 2012 at 09:10Internet Explorer Zero Day Vulnerability
- Transfer
Hackers have discovered and are using a new vulnerability in Internet Explorer, computer security experts recommend stopping the use of IE until Microsoft releases the patch.
According to Eric Romang, an IT security consultant with Luxembourg based ZATAZ.com, that the malicious code was detected on one of the infected servers belonging to the group of people behind the recent Java attacks (we are talking about these attacks - approx . The Metasploit team working on this vulnerability, along with Eric Romang, has already published an exploit .
The victim’s computer is compromised by simply visiting the infected site, which gives the attacker the same rights on the victim’s computer as the current user, according to sinn3r, an exploit developer from the Metasploit group. The vulnerability was detected in Internet Explorer versions 7, 8 and 9 on all versions of Windows OS supported by browsers.
Metasploit’s development manager Tod Beardsley believes that the vulnerability has been known to attackers for quite some time to talk about a large number of potential victims - the figure is 41% of North American Internet users.
Because Microsoft has not yet published the hotfix; IE users are strongly advised to temporarily switch to other browsers. Security Watch (where this news was published - approx. Per. ) Has contacted Microsoft about this and promises to publish their answer.
At the moment, according to AlienVault Lab researcher Jamie Blasco, exploits found on the Internet target only IE versions 7 and 8, and only Windows XP.
According to Eric Romang, an IT security consultant with Luxembourg based ZATAZ.com, that the malicious code was detected on one of the infected servers belonging to the group of people behind the recent Java attacks (we are talking about these attacks - approx . The Metasploit team working on this vulnerability, along with Eric Romang, has already published an exploit .
The victim’s computer is compromised by simply visiting the infected site, which gives the attacker the same rights on the victim’s computer as the current user, according to sinn3r, an exploit developer from the Metasploit group. The vulnerability was detected in Internet Explorer versions 7, 8 and 9 on all versions of Windows OS supported by browsers.
Metasploit’s development manager Tod Beardsley believes that the vulnerability has been known to attackers for quite some time to talk about a large number of potential victims - the figure is 41% of North American Internet users.
Because Microsoft has not yet published the hotfix; IE users are strongly advised to temporarily switch to other browsers. Security Watch (where this news was published - approx. Per. ) Has contacted Microsoft about this and promises to publish their answer.
At the moment, according to AlienVault Lab researcher Jamie Blasco, exploits found on the Internet target only IE versions 7 and 8, and only Windows XP.