Internet Explorer exploit release could trigger a surge in attacks

While Microsoft has yet to issue a permanent patch for a known exploit, the code could become widely available to cybercriminals after being integrated into an open-source testing tool.

Internet Explorer 9 being fired against on Windows 7 SP1 with Microsoft Office 2007. Rapid7

Attack code that exploits an unpatched vulnerability found in all supported versions of Internet Explorer has been released into the wild. This means that cyberattacks could now surge and affect Internet Explorer users.

Known as CVE-2013-3893, the exploit was integrated Monday into Rapid7's open-source Metasploit penetration testing tool. By putting the exploit into Metasploit, the attack code was made accessible not only to security professionals but also cybercriminals, according to PCWorld.

"As long as cybercriminals get access to the exploit code made publicly available we will see instances of the exploit being use by regular cybercriminals and probably we will find the exploit in some of the most famous Exploit Kits," security firm AlienVault's research team manager Jaime Blasco told PCWorld. "I'm sure if Metasploit includes this exploit we will see an increase on widespread exploitation."

The exploit has apparently been on the loose for the last three months, but the majority of the attacks have targeted organizations in Japan and Taiwan, according to PCWorld. The integration of the CVE-2013-3893 into Metasploit could mean more widespread attacks.

Microsoft has not yet released a permanent patch for this exploit. It announced the CVE-2013-3893 flaw and released a downloadable "Fix It" tool in mid-September. Microsoft is expected to issue a new batch of security updates on October 8, but it's not yet clear if it will include a permanent patch for CVE-2013-3893.

Tags:
Security
About the author

Dara Kerr, a freelance journalist based in the Bay Area, is fascinated by robots, supercomputers and Internet memes. When not writing about technology and modernity, she likes to travel to far-off countries.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Find Your Tech Type

Take our tech personality quiz and enter for a chance to win* high-tech specs!