Exploit developer Wei Chen earlier this week released an exploit module for Metasploit that contains the same code attackers have been using to capitalize on a recently identified Internet Explorer vulnerability, and some experts believe this could lead to an escalation in attacks.
Researchers at several security providers have already shown that exploits taking advantage of the IE zero-day vulnerability are being used in a water-hole style attack dubbed “Operation DeputyDog,” which targeted various Japanese organizations since at least mid-August and may have been used to compromise security vendor Bit9 earlier this year.
Another group of researchers discovered that the exploit was also being used to serve up malware by way of compromised website belonging to Taiwan’s Government e-Procurement System, and a third set of researchers confirmed the Taiwanese compromise, pushing the IE zeroday exploit timeline back to at least July 1, 2013.
The release of the Metasploit module, which is intended to be used by security professionals for research and vulnerability assessments, can also be abused by cybercriminals for nefarious purposes, and could lead to an escalation in the number of attacks utilizing the malicious code.
“As long as cybercriminals get access to the exploit code made publicly available we will see instances of the exploit being use by regular cybercriminals and probably we will find the exploit in some of the most famous Exploit Kits,” said AlienVault’s Jaime Blasco.
“I’m sure if Metasploit includes this exploit we will see an increase on widespread exploitation.”
Microsoft is planning to release a patch for the vulnerability, and in the meantime recommends users “apply the Microsoft Fix it solution, CVE-2013-3893 MSHTML Shim Workaround, that prevents exploitation of this issue. See Microsoft Knowledge Base Article 2887505 to use the automated Microsoft Fix it solution to enable or disable this workaround.”
Read More Here…