Internet Explorer Zero-Day Discovered, Metasploit Module Released
A new 0-Day IE exploit puts a lot of internet users at risk. According to Rapid7 (creator of the Metasploit testing platform) the new zero-day, discovered by security researcher Eric Romang, affects IE 7,8 and 9 on Windows XP, Vista (Anyone really use that anymore?) and Windows 7.
The Zero-Day was found when Eric was analyzing a machine that was infected with “Poison Ivy” a malicious remote administration tool (RAT). Apparently the 0-Day was actually used to install Poison Ivy, possibly by the “Nitro” hacker gang.
Check out the video Eric made (above) and his website for more information.
Microsoft urged users to use their free security tool, the Enhanced Mitigation Experience Toolkit (EMET). Rapid7 countered this saying that the stop-gap does not work well in all circumstances and should switch to another browser until a security patch to IE is released.
Rapid7 also released a Metasploit module (pictured above) so corporate security teams could test their networks to see if they are vulnerable to the exploit. All Metasploit users need to do is just update their install and the module will be pulled down. Backtrack users can simply run “msfupdate”.
~ by D. Dieterle on September 17, 2012.