Public release of IE exploit could spark widespread attacks

Exploit module for yet-to-be-patched Internet Explorer vulnerability added to Metasploit

An exploit for a vulnerability that affects all versions of Internet Explorer and has yet to be patched by Microsoft has been integrated into the open-source Metasploit penetration testing tool, a move that might spur an increasing number of attacks targeting the flaw.

The vulnerability is known as CVE-2013-3893 and was announced by Microsoft on Sept. 17 after the company became aware of its use in targeted attacks. The company released a temporary "Fix It" tool that customers can download and install to address the flaw, but no permanent patch has been released through Windows Update.

The vulnerability affects all versions of Internet Explorer and can be exploited to execute arbitrary code on computers when IE users visit a specially crafted Web page hosted on a malicious or compromised website.

Security researchers have issued warnings about ongoing attack campaigns that have been using the vulnerability to target organizations in Japan and Taiwan since late August or even July, according to some reports.

Since August 29, when an exploit for this vulnerability was first detected as part of an attack dubbed "Operation DeputyDog," the exploit was adopted by at least two more APT (advanced persistent threat) groups and used in targeted attacks, according to a new report by researchers from security firm FireEye.

On Monday, exploit developer and Metasploit contributor Wei Chen released a CVE-2013-3893 exploit module for the popular penetration testing tool. Chen noted that the module is based on the exploit code that's already being used by attackers.

The inclusion of the exploit in Metasploit is significant, because while this tool is primarily aimed at security professionals, cybercriminals have made a habit of borrowing exploits from it and using them in their own attacks.

"As long as cybercriminals get access to the exploit code made publicly available we will see instances of the exploit being use by regular cybercriminals and probably we will find the exploit in some of the most famous Exploit Kits," said Jaime Blasco, manager of the research team at security firm AlienVault, Saturday via email. "I'm sure if Metasploit includes this exploit we will see an increase on widespread exploitation."

The exploit kits Blasco refers to are commercial crimeware tools like Black Hole that are available to a large number of cybercriminals and which are generally used in attacks that have a much wider scope than APT campaigns.

It's highly possible that the exploit is already being used as part of such exploit kits, said Metasploit engineering manager Tod Beardsley, Tuesday via email. The exploit used in the new Metasploit module was obtained from existing attacks and there are similarities between it and prior exploits known to be used in such tools.

In particular, the exploit contains system fingerprinting code that's not actually used, which suggests the original author is at least familiar with prior exploits found in exploit packs, Beardsley said.

According to Chen, the junk fingerprinting code appears to have been reused in various exploits since at least 2012.

Microsoft's next batch of security updates is scheduled for Oct. 8, but it's not clear if the company will issue a permanent patch for this particular vulnerability at that time.

Beardsley hopes it will. "The Fix It is effective, so I hope it would be straightforward to patch properly," he said.

Tags online safetyRapid7AlienVaultsecurityMicrosoftFireEyeExploits / vulnerabilitiesmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?