October 2, 2013
Months-Old Internet Explorer Vulnerability Could Lead To Widespread Attacks
Michael Harper for redOrbit.com - Your Universe Online
A vulnerability found in Microsoft’s Internet Explorer could lead to widespread attacks against PCs running the browser. The exploit was first discovered in August and has since been acknowledged by Microsoft and included in a vulnerability testing tool, the latter of which has made it widely available to both security experts and attackers.
Microsoft delivered a “Fix It” tool to protect users from this vulnerability last month, but has yet to issue a permanent fix through Windows Update. Security experts say the Fix It tool effectively rids Internet Explorer of this vulnerability and suggest a permanent fix may be easy to ship. Though the exploit has been used for the past three months, PC World has claimed it’s mainly been used to target organizations in Japan and Taiwan.
The vulnerability is known as “CVE-2013-3893” and, according to Microsoft, can allow remote code execution. Malicious sites which exploit this vulnerability can run arbitrary code on a computer and install malware. Though security experts have been aware of this vulnerability for months, they say it could now pose a larger threat to users following its release in a popular exploit testing tool.
Security researchers with Fire Eye noted this exploit was being used as early as August 19 in an attack called Operation DeputyDog which targeted organizations in Japan. Microsoft acknowledged the vulnerability nearly a month later. On September 30, Fire Eye issued another report claiming they had three advanced persistent threat (or APT) groups using this exploit in targeted attacks.
This Monday the exploit was added to the Metasploit security tool which is used to test systems and networks against common exploits and vulnerabilities. The CVE-2013-3893 module in Metasploit was built on the exploit code already being used by hackers.
Though the tool is meant to help security experts find weaknesses in their systems, it is also made available to the general. Therefore, any exploit included in this tool can also be easily executed by attackers looking to benefit from these vulnerabilities.
“As long as cybercriminals get access to the exploit code made publicly available we will see instances of the exploit being use by regular cybercriminals and probably we will find the exploit in some of the most famous Exploit Kits,” explained Jaime Blasco, manager at security firm AlienVault in an email interview with PC World. "I'm sure if Metasploit includes this exploit we will see an increase on widespread exploitation."
Microsoft’s next scheduled round of security updates is set to ship next week, though it’s not yet known if the package will include a fix for this specific vulnerability. Last year a vulnerability linked to flaws in java was discovered in Microsoft’s Internet Explorer which left four out of every ten users vulnerable to having their machines remotely accessed. At the time the vulnerability was found all current versions of Windows and Internet Explorer were susceptible to the attack, including users running Windows 7, often thought to be Microsoft’s most secure operating system to date.