Exploits, more details for unpatched IE vulnerability

Summary:Three separate targeted attack campaigns have been using the vulnerability, and now an exploit has been released on Metasploit. Microsoft has released a Fix it but not a patch.

The SANS Internet Storm Center is reporting that Metasploit has released an exploit module for an unpatched vulnerability in Internet Explorer disclosed last week by Microsoft.

The exploit module should grease the wheels for attackers seeking to infect users' systems, but according security firm FireEye, who first revealed attacks using the vulnerability, 3 separate campaigns are ongoing using it already.

Microsoft has released a Fix it for the vulnerability, which has been designated CVE-2013-3893, but still has no word on when a patch will be available for it or if they will go out of band to do so. Microsoft has also released instructions in the advisory for how to use their EMET tool to block exploits.

Topics: Security


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.