Attack code released following IE security update


June 21, 2012

A new Internet Explorer security update, released by Microsoft on June 12, is already being exploited by cyber criminals.

Malware tracking blog Contagio posted a download of the exploit source code and a video of the exploit in action on computer security tool Metasploit on June 15.

Technology website AllThingsD is reporting that this exploit could potentially allow cybercriminals to perform mass malware attacks.

“The vulnerability (CVE-2012-1875) is a remote code execution flaw in the way that Internet Explorer accesses an object that has been deleted,” wrote online security expert Ryan Naraine on June 18.

“The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.”

When Microsoft released the initial security update, it warned users that exploit codes could be available within 30 days.

Modern cyber criminals have access to highly advanced techniques and technology with which to locate any vulnerabilities or access points in even the most state-of-the-art systems.

That is why it is important to assess security protocols regularly and thoroughly to ensure private information is secure.

A red cell evaluation is one of the best ways to locate any potential flaws in your security system.

Red cell teams are highly trained in ethical hacking and are able to utilise a variety of common and unusual penetration techniques in order to fully simulate a potential attack.

Leave a Reply

Your email address will not be published. Required fields are marked *