Explorer security hole about to go global

The unpatched Internet Explorer exploit discovered in the wild this week could quickly spread to thousands of malicious websites as soon as this weekend, warn security researchers.

The exploit, which takes advantage of a bug in the way Explorer 6 and earlier versions handle VML, has been turned into a module in a Russian exploit toolkit called WebAttacker, researchers have confirmed. WebAttacker is designed to make it a simple matter to build a malicious website, even assessing the visitor's operating system and browser version and choosing the most effective exploit to use.

The VML flaw has been built into the latest version of WebAttacker, according to Sunbelt Security, Symantec and others.

While only about 20 sites are currently hosting the exploit, as many as 10,000 sites either host or point to various versions of WebAttacker, said Dan Hubbard, head of research at security company Websense, according to a report. That means the number of sites hosting the VML bug could quickly rise if WebAttacker users decide to upgrade.

The process seems to have begun already, with Internet Security Systems' X-Force research lab reporting on Wednesday that the number of sites hosting the exploit had trebled in a day.

Researchers also noted that a second generation of the exploit appeared a few hours after Sunbelt first noticed the original exploit. The upgrade delivers more malware once systems have been penetrated.

The exploit is continuing to evolve rapidly, researchers said. Proof of concept code has appeared for a version that would do away with the use of scripting, which would mean users couldn't protect themselves by disabling scripting in Explorer, and would make it easier for the exploit to be delivered via an HTML email.

Microsoft said in an advisory that it is aware of the attacks and is putting the finishing touches on a patch, but doesn't expect to deliver the patch before the usual monthly patch date - 10 October. The company said it may deliver the patch earlier if needed.

The last time Microsoft delivered an out of cycle patch was early this year, for the WMF flaw. The company doesn't deliver out of cycle patches unless the threat is massive and ongoing.

In its advisory, Microsoft recommended users protect themselves by disabling scripting in Explorer, something that could be ineffective against future versions of the exploit. Also in the advisory, Microsoft explained how to disable the vulnerable Vgx.dll from the command line.

Another way of getting around the problem is to use another browser, say security experts.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Techworld.com
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?