Become a fan of Slashdot on Facebook


Forgot your password?

Submission + - IE zero-day attacks to ramp up: Metasploit releases module (

colinneagle writes: Both security professionals and cybercriminals use Metasploit, a penetration testing toolkit maintained by Rapid7, so when a Metasploit module is released, you should expect attacks against unpatched vulnerabilities to kick into a higher gear. Yesterday, Metasploit released a module for the latest IE zero day vulnerability being exploited in the wild.

Microsoft's security advisory dated September 17 listed IE 6, 7, 8, 9, 10 and 11 as affected software, but the Fix-it issued two weeks ago claimed, "The exploit we analyzed worked only on Windows XP or Windows 7 running Internet Explorer 8 or 9." However, this IE zero-day has been exploited since as far back as three months ago, on July 1, according to Websense Security Labs.

Attacks exploiting this newest unpatched IE zero-day have been increasing. Last week, the Internet Storm Center raised its threat level from green to yellow due "to increased evidence of exploits in the wild regarding Microsoft Security Advisory 2887505."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

IE zero-day attacks to ramp up: Metasploit releases module

Comments Filter:

Love may laugh at locksmiths, but he has a profound respect for money bags. -- Sidney Paternoster, "The Folly of the Wise"