ID: IRCNE2012091619
Date: 2012-09-18
According to "cnet", a previously unknown security hole in Internet Explorer 7, 8 and 9 is being actively exploited to deliver a back door trojan known as "Poison Ivy," researchers warned.
Security experts have already developed a vulnerability-testing tool known as a Metasploit module for IE 7, 8 and 9 on Windows XP, Vista and 7.
Microsoft has been looking into the matter and has some advice for protecting against an attack. Here's Yunsun Wee, director of Microsoft Trustworthy Computing, in an e-mail statement:
We're aware of targeted attacks potentially affecting some versions of Internet Explorer.... We have confirmed that Internet Explorer 10 is not affected by this issue. We recommend customers deploy Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 3.0, which provides effective protections without affecting the Web browsing experience. We will continue to investigate this issue and take further actions as appropriate.
Wee didn't say when Microsoft hoped to have a fix for the vulnerability.
- 2