Exploits, more details for unpatched IE vulnerability

Three separate targeted attack campaigns have been using the vulnerability, and now an exploit has been released on Metasploit. Microsoft has released a Fix it but not a patch.

The SANS Internet Storm Center is reporting that Metasploit has released an exploit module for an unpatched vulnerability in Internet Explorer disclosed last week by Microsoft.

The exploit module should grease the wheels for attackers seeking to infect users' systems, but according security firm FireEye, who first revealed attacks using the vulnerability, 3 separate campaigns are ongoing using it already.

Microsoft has released a Fix it for the vulnerability, which has been designated CVE-2013-3893, but still has no word on when a patch will be available for it or if they will go out of band to do so. Microsoft has also released instructions in the advisory for how to use their EMET tool to block exploits.