An exploit of an unpatched Internet Explorer vulnerability has been added to a popular crimeware kit, a move that will probably push Microsoft to fix the flaw with an emergency update, a security researcher said Sunday. ...
On Sunday, Roger Thompson, chief research officer of AVG Technologies, said that an exploit for the newest IE flaw had been added to the Eleonore attack kit, one of several readily-available toolkits that criminals plant on hacked Web sites to hijack visiting machines, often using browser-based attacks.
"This raises the stakes considerably, as it means that anyone can buy the kit for a few hundred bucks, and they have a working zero-day," said Thompson on his company's blog.
Microsoft has promised to patch the vulnerability, but last week said that the threat didn't warrant an "out-of-band" update....
Microsoft will deliver three security updates Nov. 9, but won't fix the IE bug then. [Date: 8 November 2010; Source: http://www.computerworld.com/s/article/9195380/]
No comments:
Post a Comment