Wednesday, August 10, 2011

0-day already out to exploit yesterday’s IE bugs

If it wasn’t already known to Microsoft, I can confirm first hand that today I downloaded and played with an available 0-day to exploit Internet Explorer bugs in the wild. Microsoft has just released the patches to fix these exploits, but I was surprised to see that the exploits are available free for the world to use.

The exploits basically allow remote code execution from a website once it is visited through Internet Explorer. Once such a malicious page is visited, the hacker is able to take control of the machine and perform administrative operations, including but not limited to adding backdoors, stealing information or making hacked computers act as bots to mass-attack servers.

I will not disclose where the code is available to play with, but it is surely a warning for all Windows users to update their installation with the patches released yesterday. It is not just about your information, but your computers could be used to launch other attacks.

Details of the patches can be found here and here. Microsoft releases security patches on Tuesdays, but critical patches should be released asap!!
