News

Metasploit adds Microsoft exploits for MSXML, Internet Explorer flaw

Robert Westervelt, News Director

The Metasploit pen testing platform has added working exploit modules that can target a serious zero-day vulnerability in Microsoft XML Core Services (MSXML) and a software bug in Internet Explorer.

    Requires Free Membership to View

Users are strongly encouraged to patch this vulnerability before your systems get exploited.

Guy Bruneau, vulnerability handler, SANS Internet Storm Center

Microsoft has indicated in an advisory issued last week that it is aware of ongoing attacks targeting Microsoft XML Core Services zero-day vulnerability. The company issued a temporary workaround until a permanent patch is released.  The addition of an exploit module to the Metasploit Framework makes it widely available to attackers.

The Software giant issued an update to Internet Explorer, repairing 13 vulnerabilities in the browser. The Metasploit module targets a remote code execution flaw in Internet Explorer 8, which could allow an attacker to view and steal data or cause the browser to crash. The flaw enables an attacker to bypass some of the latest Microsoft security features supported in IE 8. The SANS Internet Storm Center said the exploit is being used in “limited attacks.”

“Users are strongly encouraged to patch this vulnerability before your systems get exploited,” wrote Guy Bruneau, a vulnerability handler at the SANS Internet Storm Center.  

Microsoft added security features to deter cybercriminals from executing code in memory on Windows systems. Address space layout randomization (ASLR) was released for Windows Vista in 2007. Data execution prevention (DEP) was rolled out in early versions of Windows XP. Later versions of Windows provide better support for the capabilities, but both security features have been successfully bypassed by attackers.

Microsoft patched 26 vulnerabilities as part of its June 2012 Patch Tuesday. Vulnerability management experts indicated that the security updates for Internet Explorer and an update for Microsoft Remote Desktop Protocol (RDP) should be tested and deployed as soon as possible.

The browser update is rated “critical” and affects Internet Explorer 6, 7, 8 and 9. Microsoft has been rolling out updates to its RDP protocol since an issue was first addressed in March.  RDP weaknesses are a coveted attack vector for penetration testers and cybercriminals. Issues typically stem from poorly implemented systems or weak or default passwords. Security experts said additional updates for Microsoft RDP are likely.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: