A new 0-Day IE exploit puts a lot of internet users at risk. According to Rapid7 (creator of the Metasploit testing platform) the new zero-day, discovered by security researcher Eric Romang, affects IE 7,8 and 9 on Windows XP, Vista (Anyone really use that anymore?) and Windows 7.
The Zero-Day was found when Eric was analyzing a machine that was infected with “Poison Ivy” a malicious remote administration tool (RAT). Apparently the 0-Day was actually used to install Poison Ivy, possibly by the “Nitro” hacker gang.
Check out the video Eric made (above) and his website for more information.
Microsoft urged users to use their free security tool, the Enhanced Mitigation Experience Toolkit (EMET). Rapid7 countered this saying that the stop-gap does not work well in all circumstances and should switch to another browser until a security patch to IE is released.
Rapid7 also released a Metasploit module (pictured above) so corporate security teams could test their networks to see if they are vulnerable to the exploit. All Metasploit users need to do is just update their install and the module will be pulled down. Backtrack users can simply run “msfupdate”.
CYBER ARMS - Computer Security 
Hmm… I wonder if this has been patched. I have tried a Win7 box and a WinXP box and its a no go on both of them. Gonna try another XP and see how that goes
I see that AVG is already blocking this as a threat. Works fine if AVG isnt in the way, otherwise it is blocked every time
Reblogged this on lava kafle kathmandu nepal.