Researchers have spotted a first exploit for an “extremely critical” vulnerability in Microsoft’s Internet Explorer.
Visitors of the infected website will automatically be infected with a new variant of the Spybot worm. The malware opens a backdoor on the system and attempts to lower the security settings, effectively turning infected systems into zombie computers.
Monty IJzerman, manager of security with McAfee, said that he expects Microsoft to release a patch soon. Secunia notified Microsoft about the threat on 13 February, he noted. “Microsoft has had some time to research this issue,” IJzerman said.
The vulnerability is caused by an error in the way that the browser processes the ‘createTextRange’ method call on a radio button. Users can prevent infection by disabling Active Scripting in their browser settings (instructions can be found here).
Microsoft confirmed the bug in a blog posting and issued a security advisory. At the time of the publication of the advisory, Microsoft said it wasn’t aware of attacks using the vulnerability.
The detection of the pest caused the SANS Internet Storm Center to raise its Infocon threat level to yellow, representing the second step on a four step scale. It indicates that researchers are tracking a significant new threat but that its impact is as of yet unknown. Users are advised to take immediate specific action.
The way that the vulnerability can be exploited is similar to the Windows .wmf vulnerability that emerged last January. Back then, attackers posted infected images on websites that allowed them to execute arbitrary code on Windows systems.
McAfee’s IJzerman said that he believes that the ‘createTextRange’ vulnerability will be harder to exploit. “The .wmf vulnerability was a feature in the Windows code that worked on any version of the Windows operating system. With the ‘createTextRange’ all versions are vulnerable, but exploits won’t work on all versions of the operating system.”
Although it requires advanced programming skills, he expected that knowledgeable worm authors will be able to create a universal exploit that first determines the operating system’s version and then deploys a specific patch.
Subscribers 0
Fans 0
Followers 0
Followers