Hacker Releases Metasploit Exploit for IE Zero-Day Hole
What started as 'targeted' attacks may now expand into a full-blown pandemic, since a hacker figured out how to turn hints into a Metasploit exploit module.
It didn't take long for a bug sleuth to take hints he found online about a security hole that Microsoft warned users about on Tuesday and turn them into a pre-built attack module ready for widespread use.
Microsoft (NASDAQ: MSFT) published a Security Advisory as part of this week's Patch Tuesday bug patch event, warning users that a zero-day vulnerability recently discovered in Internet Explorer 6 (IE6) and IE7 could leave them open to a complete compromise of their systems.
At that time, Microsoft officials acknowledged that they were aware of "limited, targeted attacks" in the wild.
By late Wednesday, however, a hacker who goes by the screen name Trancer had figured out the finer points of the attack and created a Metasploit module that will make the job trivial for someone with more malicious intent to create a serious infestation.
The Metasploit Framework is an open source hackers' project to test security systems for flaws, and is used by some hackers as a way to quickly implement the latest security exploits.
Microsoft recommends that IE6 and IE7 users set their security to "high" or, alternately, upgrade to IE8, which is not at risk of the attacks.
The announcement of the latest security breach -- one which has no patch yet -- came on what would have otherwise been a slow month for Microsoft following its Patch Tuesday event, so-called because the company releases most of its bug fixes on the second Tuesday of each month.
The Security Advisory, unlike a Security Bulletin, which includes bug fixes, was a bit of a surprise, given that the company had only warned systems administrators that it was issuing a pair of bulletins this month.
Microsoft has not yet said how or when it will fix the problem, but the appearance of a Metasploit module that implements the exploit makes the situation more tenuous for the company.
"Microsoft is aware that exploit code has been published for the vulnerability addressed by Microsoft Security Advisory 981374," Jerry Bryant, Microsoft's senior security communications manager, said in an e-mail to InternetNews.com.
"Once we're done investigating this issue, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-band update or additional guidance to help customers protect themselves," he added.