Another round of zeroday in the wild exploits using vulnerabilties in Java and Internet Explorer. It’s highly recomened that users stop using IE to browse the internet, also uninstall Java unless absouletly needed. If users do not know how to do this, this all taken care of with the purchase of one of our custom security packages, if interested call for more information. Our security packages can be installed and setup by us remotely anywhere in the world.
Researchers at security vulnerability testing firm Rapid7 have added a new module to the company’s free Metasploit frameworkthat allows users to successfully attack the vulnerability on Internet Explorer versions 7, 8 and 9 on Windows XP, Vistaand 7.
“Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user,” Rapid7 researcher “sinn3r” wrote on the firm’s blog. “Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available. The exploit had already been used by malicious attackers in the wild before it was published in Metasploit. The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk.”
News of the IE exploit surfaced at the blog of security researcher and blogger Eric Romang, who said he discovered the attack code while examining a Web server recently used by Chinese hackers to launch targeted attacks via zero-day Java vulnerabilities that were patched by Oracle last month. Romang and other experts have connected the sites serving those Java exploits to the Nitro attacks of 2011, espionage attacks directed against at least 48 chemical and defense companies.