The Metasploit pen testing platform has added working exploit modules that can target a serious zero-day vulnerability in Microsoft XML Core Services (MSXML) and a software bug in Internet Explorer.
Microsoft indicated in an advisory issued last week that it is aware of ongoing attacks targeting the Microsoft XML Core Services zero-day vulnerability. The company issued a temporary workaround until a permanent patch is released. The addition of an exploit module to the Metasploit Framework makes it widely available to attackers.
The software giant issued an update to Internet Explorer, repairing 13 vulnerabilities in the browser. The Metasploit module targets a remote code execution flaw in Internet Explorer 8, which could allow an attacker to view and steal data or cause the browser to crash. The flaw enables an attacker to bypass some of the latest Microsoft security features supported in IE 8. The SANS Internet Storm Center said the exploit is being used in “limited attacks.”
“Users are strongly encouraged to patch this vulnerability before your systems get exploited,” wrote Guy Bruneau, a vulnerability handler at the SANS Internet Storm Center.
Microsoft added security features to deter cybercriminals from executing code in memory on Windows systems. Address space layout randomization (ASLR) was released for Windows Vista in 2007. Data execution prevention (DEP) was rolled out in early versions of Windows XP. Later versions of Windows provide better support for the capabilities, but both security features have been successfully bypassed by attackers.
Microsoft patched 26 vulnerabilities as part of its June 2012 Patch Tuesday. Vulnerability management experts indicated that the security updates for Internet Explorer and an update for Microsoft Remote Desktop Protocol (RDP) should be tested and deployed as soon as possible.
The browser update is rated “critical” and affects Internet Explorer 6, 7, 8 and 9. Microsoft has been rolling out updates to RDP since an issue was first addressed in March. RDP weaknesses are a coveted attack vector for penetration testers and cybercriminals. Issues typically stem from poorly implemented systems or weak or default passwords. Security experts said additional updates for Microsoft RDP are likely.