Explorer security hole about to go global

The unpatched Internet Explorer exploit discovered in the wild this week could quickly spread to thousands of malicious websites as soon as this weekend, warn security researchers.

The exploit, which takes advantage of a bug in the way Explorer 6 and earlier versions handle VML, has been turned into a module in a Russian exploit toolkit called WebAttacker, researchers have confirmed. WebAttacker is designed to make it a simple matter to build a malicious website, even assessing the visitor's operating system and browser version and choosing the most effective exploit to use.

The VML flaw has been built into the latest version of WebAttacker, according to Sunbelt Security, Symantec and others.

While only about 20 sites are currently hosting the exploit, as many as 10,000 sites either host or point to various versions of WebAttacker, said Dan Hubbard, head of research at security company Websense, according to a report. That means the number of sites hosting the VML bug could quickly rise if WebAttacker users decide to upgrade.

The process seems to have begun already, with Internet Security Systems' X-Force research lab reporting on Wednesday that the number of sites hosting the exploit had trebled in a day.

Researchers also noted that a second generation of the exploit appeared a few hours after Sunbelt first noticed the original exploit. The upgrade delivers more malware once systems have been penetrated.

The exploit is continuing to evolve rapidly, researchers said. Proof of concept code has appeared for a version that would do away with the use of scripting, which would mean users couldn't protect themselves by disabling scripting in Explorer, and would make it easier for the exploit to be delivered via an HTML email.

Microsoft said in an advisory that it is aware of the attacks and is putting the finishing touches on a patch, but doesn't expect to deliver the patch before the usual monthly patch date - 10 October. The company said it may deliver the patch earlier if needed.

The last time Microsoft delivered an out of cycle patch was early this year, for the WMF flaw. The company doesn't deliver out of cycle patches unless the threat is massive and ongoing.

In its advisory, Microsoft recommended users protect themselves by disabling scripting in Explorer, something that could be ineffective against future versions of the exploit. Also in the advisory, Microsoft explained how to disable the vulnerable Vgx.dll from the command line.

Another way of getting around the problem is to use another browser, say security experts.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma

Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?