Explorer security hole about to go global

The unpatched Internet Explorer exploit discovered in the wild this week could quickly spread to thousands of malicious websites as soon as this weekend, warn security researchers.

The exploit, which takes advantage of a bug in the way Explorer 6 and earlier versions handle VML, has been turned into a module in a Russian exploit toolkit called WebAttacker, researchers have confirmed. WebAttacker is designed to make it a simple matter to build a malicious website, even assessing the visitor's operating system and browser version and choosing the most effective exploit to use.

The VML flaw has been built into the latest version of WebAttacker, according to Sunbelt Security, Symantec and others.

While only about 20 sites are currently hosting the exploit, as many as 10,000 sites either host or point to various versions of WebAttacker, said Dan Hubbard, head of research at security company Websense, according to a report. That means the number of sites hosting the VML bug could quickly rise if WebAttacker users decide to upgrade.

The process seems to have begun already, with Internet Security Systems' X-Force research lab reporting on Wednesday that the number of sites hosting the exploit had trebled in a day.

Researchers also noted that a second generation of the exploit appeared a few hours after Sunbelt first noticed the original exploit. The upgrade delivers more malware once systems have been penetrated.

The exploit is continuing to evolve rapidly, researchers said. Proof of concept code has appeared for a version that would do away with the use of scripting, which would mean users couldn't protect themselves by disabling scripting in Explorer, and would make it easier for the exploit to be delivered via an HTML email.

Microsoft said in an advisory that it is aware of the attacks and is putting the finishing touches on a patch, but doesn't expect to deliver the patch before the usual monthly patch date - 10 October. The company said it may deliver the patch earlier if needed.

The last time Microsoft delivered an out of cycle patch was early this year, for the WMF flaw. The company doesn't deliver out of cycle patches unless the threat is massive and ongoing.

In its advisory, Microsoft recommended users protect themselves by disabling scripting in Explorer, something that could be ineffective against future versions of the exploit. Also in the advisory, Microsoft explained how to disable the vulnerable Vgx.dll from the command line.

Another way of getting around the problem is to use another browser, say security experts.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?