Follow us on Twitter
Follow us on FacebookExploit for New Internet Explorer 8 Vulnerability is Now Active and in the Wild
@ 2013/05/08Another day, another vulnerability waiting to be widely exploited by malware authors. The latest is a newly discovered vulnerability that affects Internet Explorer 8 whether it is in use on Windows XP, Vista, or 7. The exploit has already been rolled into a module and added to the Metasploit Framework, a free penetration testing tool. Information on how to use the vulnerability is also now in widespread circulation.
Fractured glass photo effect courtesy of PhotoFunia.
At least there is some good news…Microsoft has confirmed that the exploit has no effect on Internet Explorer versions 6, 7, 9, and 10. If you have a system running Internet Explorer 8, then using an alternative browser until Microsoft releases a security update is a good idea. If using an alternative browser is not an option, then you can make use of Microsoft’s EMET (Enhanced Mitigation Experience) Toolkit (links are available at the bottom of the article).
From the Krebs on Security post: The security hole has already been leveraged in at least one high-profile attack. Over the weekend, several security vendors reported that the U.S. Department of Labor Web site had been hacked and seeded with code designed to exploit the flaw and download malicious software.
Fractured glass photo effect courtesy of PhotoFunia.
At least there is some good news…Microsoft has confirmed that the exploit has no effect on Internet Explorer versions 6, 7, 9, and 10. If you have a system running Internet Explorer 8, then using an alternative browser until Microsoft releases a security update is a good idea. If using an alternative browser is not an option, then you can make use of Microsoft’s EMET (Enhanced Mitigation Experience) Toolkit (links are available at the bottom of the article).
From the Krebs on Security post: The security hole has already been leveraged in at least one high-profile attack. Over the weekend, several security vendors reported that the U.S. Department of Labor Web site had been hacked and seeded with code designed to exploit the flaw and download malicious software.
