Metasploit is a free, Open Source security testing tool. It's the cat's meow, and so the World+Dog now have the exploit. If you're still on IE6 or IE7, get off it right now. Microsoft says so, too:A security researcher has credited McAfee for helping him to develop exploit code that cracks open an unpatched flaw in older versions of Internet Explorer.
Moshe Ben Abu (AKA Trancer00t) developed exploit code for the flaw in IE 6 and 7 in knocking-up an exploit module for the open-source Metasploit exploit database.
"I didn't find the vuln', just found it in the wild. With a little help from McAfee (http://j.mp/c4W3xA) :-)," the Israeli security researcher noted in a Twitter update on Thursday.
Microsoft acknowledged that the flaw, which stems from an invalid pointer reference, affects IE 6 and 7 and creates a possible mechanism for hackers to drop malware onto vulnerable systems. IE8, the latest version of Microsoft's web surfing software, isn't vulnerable.
Our investigation so far has shown that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable.This is in the wild, folks, meaning that it's coming to a computer near you. Your computer.
Get Firefox here.
Get Internet Explorer 8 (not bad, actually) here.
MACAFEE,HUH? MAYBEE THAT IS WHY IN THE HELL MY COMPUTER KEEP GETTING INFECTED.THEY WERE THE CAUSE OF IT.
ReplyDeleteWhat about other browsers like Chrome or Opera?
ReplyDeleteAnything is better than IE before 8; my preferred order right now is:
ReplyDeleteFirefox
Opera
IE8
Chrome/Mac browsers/the others I haven't used
IE6/7 are a tempting target because they're so common, and so well understood. It doesn't help that many businesses are slow to update and continue to do sensitive things with IE6/7. IE8 appears to be better by design, and alternative browsers have the advantage of security through obscurity. (For now)
Jim