This week's big news was about the high profile attack on Google, WSJ reported that "The attack targeted as many as 34 different companies " . Immediately after that, McAfee published a blog entry that explained that the cause of these attacks was an IE 0-day. Microsoft also published an advisory for this 0-day, considering the importance, I would expect an out of band patch release for this vulnerability.
Yesterday, Metasploit project released an exploit for this vulnerability and if you are interested in a video demonstration, check the below link
http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/
Update:
Yesterday, Microsoft released an out-of-band security update, MS10-002, that addresses the IE vulnerability
2 comments:
According to you what specific actions can be taken to avoid this type of attacks
@Anoop,
There are multiple things organizations can do.
Actionable intelligence gathering
User awareness and education
Traffic monitoring and anomaly detection and prevention
Check my earlier post http://infosecnirvana.blogspot.com/2009/05/mcafee-threat-report.html, if your organization can afford to completely block IP ranges from a specific country, do it.
In the Microsoft advisory, they have mentioned the following
"an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site" -- Reason for strong filtering and spam control
"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights" -- Reason for enforcing least privilege
Post a Comment