We posted an aside yesterday referencing Microsoft's recent blog post for new security advisory 981374 referencing a new zero day vulnerability in Internet Explorer versions 6 and 7. New details have emerged since, and the exploit has moved from being what was described as part of "limited targeted attacks" to being widely accessible and available as a new module for the Metasploit framework.
The big news hit earlier this week, the attack vector that allowed bad actors presumably from China into the networks of Google, Juniper, Adobe, and some 30 other firms was an Internet Explorer zero day, a use after free vulnerability on an invalid pointer reference affecting IE 6, 7, and 8 but only used in IE 6 according to Microsoft. Per Microsoft's Advisory 979352: "In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.. Earlier today this entry from yesterday at Wepawet (an online analysis engine for malware) was pointed out to H.D. Moore, and within hours Metasploit has an exploit of the vulnerability integrated. McAfee has confirmed that the exploit is out and the same one they saw during the investigation. The video below demonstrates how crackers gained access to the corporate networks of Google, et al. using this zero day attack.
Praetorian Prefect is a blog written by employees of Praetorian Security Group, LLC
Recent Comments