Friday, January 15, 2010

Operation Aurora - Metasploit Adds "Aurora" IE Zero-Day Exploit

Via Metasploit Blog -

Yesterday, a copy of the unpatched Internet Explorer exploit used in the Aurora attacks was uploaded to Wepawet. Since the code is now public, we ported this to a Metasploit module in order to provide a safe way to test your workarounds and mitigation efforts.

To get started, grab the latest copy of the Metasploit Framework and use the online update feature to sync latest exploits from the development tree.

Update: DEP blocks this sample and the Metasploit module; DEP is enabled by default in IE 8.

Internet Explorer contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is triggered when a specially crafted website causes mshtml.dll to access memory that has been freed, allowing code execution.

Both Metasploit and Immunity CANVAS had the new IE zero-day...

As suggested by before, it is recommended to enable DEP for IE version older 8.


Kevin Liston, the handler @ ISC, predicts an OOB patch is not very likely....

No comments:

Post a Comment