Jeremy Scott | September 19, 2012
Monday came with reports by security researcher Eric Romang about the discovery of new exploit code on the same server that the recent Java 0-day was found. The exploit has been observed in the wild as well as incorporated into the Metasploit framework.
Microsoft has released a public advisory stating that the vulnerability exists in Internet Explorer 6, 7, 8 and 9. The advisory says that it may lead to remote code execution. Based on the information available and the analysis of the malicious code that has been observed, I conclude that it will lead to remote code execution.
It appears that Microsoft is working on a fix, but until the fix arrives the only available solution is to use an alternate browser.
For additional details about the issue visit Microsoft.
See how Solutionary managed security services based on the patented ActiveGuard® service platform combine security intelligence and expertise to provide visibility, threat detection and event response.
POST A COMMENT