Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - IE zero-day attacks to ramp up: Metasploit releases module (

colinneagle writes: Both security professionals and cybercriminals use Metasploit, a penetration testing toolkit maintained by Rapid7, so when a Metasploit module is released, you should expect attacks against unpatched vulnerabilities to kick into a higher gear. Yesterday, Metasploit released a module for the latest IE zero day vulnerability being exploited in the wild.

Microsoft's security advisory dated September 17 listed IE 6, 7, 8, 9, 10 and 11 as affected software, but the Fix-it issued two weeks ago claimed, "The exploit we analyzed worked only on Windows XP or Windows 7 running Internet Explorer 8 or 9." However, this IE zero-day has been exploited since as far back as three months ago, on July 1, according to Websense Security Labs.

Attacks exploiting this newest unpatched IE zero-day have been increasing. Last week, the Internet Storm Center raised its threat level from green to yellow due "to increased evidence of exploits in the wild regarding Microsoft Security Advisory 2887505."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

IE zero-day attacks to ramp up: Metasploit releases module

Comments Filter:

Whom the gods would destroy, they first teach BASIC.