Code that hackers can use to exploit an unpatched vulnerability in all Internet Explorer software has been released into the wild, potentially causing an uptick in threats against users. The CVE-2013-3893 exploit has been released in the Metasploit open source testing tool. The tool is designed for use by security professionals, but cybercriminals often use such publicly available code in their exploit kits. Most of the attacks to date using the Internet Explorer vulnerability have been against targets in Japan and Taiwan. The vulnerability can be triggered to execute code if an Internet Explorer user visits a compromised or malicious website. Microsoft has not yet released a permanent patch for the vulnerability, only a temporary “fix it.” The company’s next set of regular updates is scheduled for 8 October 2013. (CNET)(PC World)
Sunday, November 3, 2013
Microsoft yet to Patch Threatening Browser Exploit
