This past Monday a working Internet Explorer exploit was released. A user visiting a site injected with malicious code using IE 7, 8 or 9 can be remotely exploited. Some resources have recommended moving away from using IE to other browsers such as Google Chrome or Firefox. This vulnerability in IE can be exploited easily using the Metasploit module that has been developed for it. Microsoft has released a stopgap fix for this but is releasing an official patch(MS12-063) on 9/21/2012. Microsoft Security Advisory (2757760): http://technet.microsoft.com/en-us/security/advisory/2757760 More Information on Security Advisory 2757760's Fix It: http://blogs.technet.com/b/srd/archive/2012/09/19/more-information-on-security-advisory-2757760-s-fix-it.aspx US-CERT Vulnerability Note: http://www.kb.cert.org/vuls/id/480095 Fix-it Tool: http://support.microsoft.com/kb/2757760 |
root@dafthack:~# >