Internet Explorer Exploit Code Publicly Released
Metasploit has released an exploit framework that targets a critical vulnerability in Internet Explorer into the public domain. While the attack code has been available to those who can find it, the new release could make it easier for people to employ.
According to Microsoft, the vulnerability lies in how Internet Explorer accesses an object in memory that has been deleted. The exploit use this to remote execute code that installs malware which then siphons off sensitive data from infected machines.
Microsoft had released the Fix It patch for safeguarding against the exploit when the vulnerability first became known. It is recommended that Windows users should install the temporary fix regardless of the browser they use. Microsoft is also expected to release the next batch of their security updates on 8th October 2013. Whether a permanent fix for this vulnerability will be included in the release has not yet been confirmed.