2 New Critical Internet Explorer Vulnerabilities
Posted 18 June 2012 - 09:17 PM
Well, one of them is a newer exploit that was just recently patched, but the other is a zero-day (new exploit w/ no security patch available), and rumor has it that it is a "State Sponsored" (Pick a non-ally country that hates us) vulnerability:
CVE-2012-1889: MSXML Uninitialized Memory Corruption - This is an uninitialized memory bug found in MSXML. According to Microsoft, such a component can be loaded from either Internet Explorer or Microsoft Office. This vulnerability is rumored to be "state-sponsored", and what makes it really critical is it's still a 0-day hijacking Gmail accounts. That's right, that means if you're using Gmail as well as Internet Explorer or Microsoft Office, you're at risk. We expect this vulnerability to grow even more dangerous since there's no patch, and it's rather easy to trigger.
Though Microsoft has released some stopgap measures to deal with this, there is no word on when a patch will be available. Security experts are recommending using a different browser until a patch is released.
Exploit code for both has been released publicly, and Metasploit has already created exploit modules for both and added them to their framework. So if you are familiar with the Metasploit platform, you can use it to test your systems to see if they are vulnerable or not.
"I have lived, Sir, a long time, and the longer I live, the more convincing proofs I see of this truth- that God Governs in the affairs of men. And if a sparrow cannot fall to the ground without his notice, is it probable that an empire can rise without his aid?"