Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Security org raises Internet threat level after seeing expanded IE attacks

Gregg Keizer | Sept. 24, 2013
Gang responsible for Bit9 hack in February responsible for latest attacks exploiting IE 'zero-day,' says FireEye

On Sept. 19 — last Thursday — HD Moore, the chief security officer of Rapid7 and the creator of Metasploit, said that no exploit module for the IE bug had yet been added to the toolkit.

If attacks do ramp up, Microsoft would be much more likely to issue an "out-of-band" security update to plug the hole. The next regularly-scheduled Patch Tuesday is more than two weeks away, slated for Oct. 8.

However, out-of-band updates from Microsoft are rare: The last one was MS13-008, an emergency patch issued Jan. 14 that dealt with a vulnerability in IE6, IE7 and IE8 that had been exploited for about six weeks.

Users can also temporarily ditch IE for an alternate browser, such as Google's Chrome or Mozilla's Firefox, to stay safe until Microsoft comes up with a permanent fix.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.