1 McAfee blog enabled IE exploit - Security - News - ZDNet Australia
Breaking News: Interpol defends voluntary filter

ZDNet / Microsoft / Story

McAfee blog enabled IE exploit

By on March 12th, 2010 
Submit

An Israeli security researcher has published exploit code for an unpatched hole in Internet Explorer that Microsoft disclosed two days ago, using clues from a McAfee report on the hole.

Microsoft had warned in an advisory that a new vulnerability in IE6 and IE7, which could allow an attacker to take control of a computer, had been targeted in attacks.

Releasing the exploit code publicly increases the chances of attacks on the zero-day hole and could pressure Microsoft to issue a patch before its next scheduled Patch Tuesday in four weeks.

Researcher Moshe Ben Abu announced his work in a blog post on Wednesday and said it was being included in the open-source Metasploit exploit database.

He was able to create the exploit code after figuring out where an existing exploit was in the wild, based on information in a McAfee blog post, he told Ryan Naraine of the Zero Day blog at ZDNet.com.au sister site ZDNet.com. It took him about 10 minutes to de-obfuscate the exploit and pinpoint the vulnerability, he said.

Ben Abu said that he would have found the original exploit code sooner or later without McAfee's help.

Asked how serious the zero-day hole is, he wrote in an email: "The exploit covers Internet Explorer versions 6 and 7, which are not the latest version [IE8] but many users still use it. In addition, the exploit is quite unstable, with about 60 per cent to 70 per cent success rate. So I guess it is critical, but not for users who update their Windows with the latest IE."

Microsoft's advisory on the vulnerability includes information on workarounds but suggests that IE6 and IE7 users upgrade to IE8 immediately.

McAfee said it would be more careful about the details provided in its blog posts in the future.

"McAfee Labs does not support the release of exploit code, particularly in advance of a security patch being made available. We regularly sanitise blog content to prevent providing information that might assist attackers, while at the same time providing a service to customers and the security community to help improve protection levels," it said in a statement via email.

"The post in question did not contain enough information to directly lead anyone to exploit code. However, we regret that in this unique situation the post did contain details that may have given exploit writers a starting point to hunt for exploit code. Future blog posts will be subject to additional sanitisation."

Via CNET

Talkback

Add your opinion

In order to post a comment, you need to be registered. (Sign In or register below)

Post your comment

Terms of Service - As a ZDNet registrant, and by using this service, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy.

Resource Centre Useful content from our premier sponsors

Quick Poll

What is the biggest data management challenge in your organisation?

ZDNet Australia Live

The New York Time article and subsequent CBS piece where cheap sensationalistic fluff aimed at the less educated. I suggest a follow-up ...

4 minutes ago by 58kiwi on Aussie activists call for 'ethical iPhone'

@ashleybcox Std accounting practise for returning investments to be off-budget. http://t.co/TwbdOWXi

Sadly, data privacy and protection seems to count for nothing in the minds of legislators and politicians in this country.

6 minutes ago by Yoda7 on Lax data privacy laws hurt Australia

Please enlighten us all, what is the mark?

10 minutes ago by omega on Satellite-hating Libs blow policy free kick

IMAX replaces world's largest screen: pics: Go behind the scenes with our photo tour, and find out why the CEO o... http://t.co/eKH1lHfH

Take an early tour of Windows 8's Office 15: I see the significance of the NBN as being equal to building railwa... http://t.co/yw32J0ah

Twitter now available in emergencies with satellite providers http://t.co/yHD7oY0q

You're spot on with your comment re: hollywood. I'd bet my dogs they had HD 5.1 multi-angle video footage of the whole thing (not yet re...

22 minutes ago by Powerpup on From copyright to a world without borders

Have a look at powershop.co.nz - we definitely save money overall, and have the abillity to purchase discounted power in advance and see ...

28 minutes ago by Powerpup on NZ energy prices fall, websites thanked

"The number of people that believe they understand security, but don't, far exceed the number of people that do," http://t.co/rYMdWA0P

Who knew they had online shopping? These guys dont have a clue. Just bought a toaster for $67 from Appliances Online. Same one with ...

46 minutes ago by xBeanie on IBM to fix David Jones' online sales

I see the significance of the NBN as being equal to building railways, ports and surfacing the roads. The efficiencies in the economy of ...

47 minutes ago by H.Digitalis on Satellite-hating Libs blow policy free kick

David, your article is so poorly written and one sided that either you're incompetent or your post is a troll to gain plenty of hits for ...

55 minutes ago by tjb on Satellite-hating Libs blow policy free kick

The future of browsing...[video] http://t.co/HBbD8vo1

More change at the top for RIM http://t.co/xJEYc6WZ

As usual, the libs miss the point and show their ignorance. Wonder how their rusted-on RARA constituency will react? http://t.co/jep0yDrA

RT @dmbieg: The end of an era as Kodak discontinues camera business http://t.co/dl7yyd7t

Why a $25 computer means revolution: ... In the last 60 years, the computer has evolved from a machine that fill... http://t.co/qrAGAXbb

And let's not forget that the sky is probably gunna fall in so there's another pile of cash down the drain. And the NBN modem sitting o...

1 hour ago by omega on Satellite-hating Libs blow policy free kick

Glad you asked that redrover, I was going to ask that myself.

1 hour ago by clive49 on Satellite-hating Libs blow policy free kick

David, the distraction is Turnbull's incompetence. Turnbull now believes he can predict 30 years into the future because he believes that...

1 hour ago by omega on Satellite-hating Libs blow policy free kick

Yeah, and let's not forget the $4000 in services costs per site to get it in. Thats $10K. The we have 20% great big new carbon tax, that...

2 hours ago by Ocker on Satellite-hating Libs blow policy free kick

Are your children, grandchildren and great grandchildren 'fetching emails' are they? For every 1 dollar spent on the NBN, Australian tax...

2 hours ago by omega on Satellite-hating Libs blow policy free kick

RT @zdnetaustralia: Watch as the world's largest screen, IMAX, be replaced http://t.co/b0G2rPle

Guys if a product can be sold cheaper after the 10%GST then this over time will change our current approach to running a business. Additi...

2 hours ago by value spotters on Shopping online: so much more than GST

What I've been wondering is if NBN Co can lease the excess capacity on the satellites to other players in the SE Asia/Pacific region and ...

2 hours ago by redrover on Satellite-hating Libs blow policy free kick

I think David hit the nail on the head pretty much. Even as a Liberal supporter, I'll vote Labor just to get the continued investment int...

2 hours ago by GrahamK on Satellite-hating Libs blow policy free kick

The MaxJu5t1c3 Daily is out! http://t.co/uONV9w5S ▸ Top stories today via @zdnetaustralia

Thats why i had to watch FTA TV last night, grrrr RT @zdnetaustralia: Optus fibre cable cut in ACT: http://t.co/zDu6vTE4

RT @timbo2002: IBM to bring David Jones into the 90s r.e. it's online & ecommerce capabilities: http://t.co/lHv2ZInA

Take an early tour of Windows 8's Office 15 http://t.co/Jr1WAXhG via @zdnetaustralia

I live in suburban Melbourne, not within 3km of an exchange. On a good day my Internet is about 3.8Mbps. It used to be closer to 5 but as...

3 hours ago by GregE on Satellite-hating Libs blow policy free kick

RT @Asher_Wolf: UK to announce website blocking proposals “imminently”
http://t.co/WlByuQtG #censorship

...satellite isn't a solution for everyone. VOiP telecom is big here in North America, I use Vonage as my primary phone, and the huge ban...

3 hours ago by MortimerSnerd on Satellite-hating Libs blow policy free kick

RT @timbo2002: IBM to bring David Jones into the 90s r.e. it's online & ecommerce capabilities: http://t.co/lHv2ZInA

AFL fights Optus for its copyright - ZDNet Australia http://t.co/TK4ml3Jg

Satellite-hating Libs blow policy free kick http://t.co/PF5S8dgP

RT @Asher_Wolf: UK to announce website blocking proposals “imminently”
http://t.co/WlByuQtG #censorship

They're the cialis across them reflected been, but though said. The cheap cialis. Kamagra toward uk requiring because cliffs not cheap yo...

3 hours ago by solleyinceshy on Broadband Speedtest

RT @Asher_Wolf: UK to announce website blocking proposals “imminently”
http://t.co/WlByuQtG #censorship

RT @NewtonMark: UK #sopa. RT @Asher_Wolf: UK to announce website blocking proposals “imminently”
http://t.co/LdVdlLkh #censorship

We have satellite internet at the moment as we are in a black spot in western NSW. We find it OK.How fast do we need down load to fetch m...

3 hours ago by jmill on Satellite-hating Libs blow policy free kick

UK to announce website blocking proposals “imminently”
http://t.co/WlByuQtG #censorship

RT @Asher_Wolf: UK to announce website blocking proposals “imminently”
http://t.co/WlByuQtG #censorship

RT @Asher_Wolf: UK to announce website blocking proposals “imminently”
http://t.co/WlByuQtG #censorship

UK #sopa. RT @Asher_Wolf: UK to announce website blocking proposals “imminently”
http://t.co/LdVdlLkh #censorship

RT @NewtonMark: UK #sopa. RT @Asher_Wolf: UK to announce website blocking proposals “imminently”
http://t.co/LdVdlLkh #censorship

[plug] Satellite-hating Libs blow #NBN free kick http://t.co/PwDfr7BR. @TurnbullMalcolm policy benefits if birds deliver 12Mbps to 2m homes

IT jobs update | One podcast with the lot - ZDNet Australia - One podcast with the lotZDNet AustraliaWe ask if the I... http://t.co/01f2SzCV

@engochick ahh ok. Keep up the good work. I really enjoy the articles on @zdnetaustralia

RT @zdnetaustralia: Telstra will move 4.2 million BigPond customers onto Microsoft's Windows Live email service: http://t.co/kcGsdC0m

FBI releases Steve Jobs' background check: What's inside http://t.co/eYGD57Ba

IBM to fix David Jones' online sales: David Jones has turned to IBM to help it build a better web presence to re... http://t.co/ZLAKW6Ez

RT @zdnetaustralia: Optus fibre cable cut in ACT: http://t.co/WIYuHb9Q

IBM to fix David Jones' online sales - David Jones has turned to IBM to help it build a better web presence to reviv... http://t.co/9tYSdXwg

This story has been voted 20 times in the last 24 hours!

3 days ago, Symantec confirms hacker extortion

This story has been voted 10 times in the last 24 hours!

3 days ago, Symantec confirms hacker extortion

Facebook Activity

Keep up with ZDNet Australia

LinkedinLinkedin Join our network

RSS FeedsRSS Feeds Subscribe now

NewslettersNewsletters Subscribe today

AlertAlertsSubscribe now

ZDNet Events Calendar

ZDNet Events Calendar

Plan Comparison

Prev Next
Loading...
Deals powered by WhistleOut

Sponsored resources