"The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques," according to Microsoft. Microsoft says it as designed to help prevent hackers from gaining access to your system. The tool is called Enhanced Mitigation Experience Toolkit, or EMET. In the near term, as an interim step, Microsoft is urging Windows users to install free software designed to protect the Internet Explorer browser. Microsoft said it is investigating reports of the bug. Romang said the zero-day season is not over yet. Security sleuths peg the IE exploits on the China-based group called Nitro, a group that first made news last year when Symantec said they had done their mischief at 48 businesses. Security watchers believe that the attacks are being made by the same people who previously figured out how to exploit a vulnerability in Oracle's Java framework. "We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop counter-measures," according to Rapid7. Metasploit is a collaboration between the open source community and Rapid7. They can see if their own corporate networks are vulnerable. Security experts can use it to simulate attacks that exploit the security flaw in Internet Explorer. The exploit had already been used by malicious attackers in the wild but Rapid7 on Monday released an exploit module for Metasploit to allow security teams to get closer to the situation. HD Moore, CSO of Rapid7, said, though, that avoiding the browser might not even be enough, as many applications rely on the IE engine to render HTML. Rapid 7 offered advice for Internet users to switch to other browsers such as Chrome or Firefox while waiting for a security update. Security experts, like Rapid7, are advising business and general consumer users to avoid Internet Explorer until Microsoft issues a patch. The attacker can delete or add files or change registry values. The attacker can run code of his choice in the context of the user. Computer users can experience attacks if they visit a malicious website, which hands over privileges to the attacker. Rapid7, a security company, said it was a zero-day exploit making Internet Explorer 7, 8, and 9 vulnerable on Windows XP, Vista and 7 systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |