19 sept 2012

New Metasploit 0-day exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7

Se ha reportado un nuevo 0day que afecta a los sistemas operativos de Microsoft Windows en sus navegadores Internet Explorer. Para ser mas precisos, Internet Explorer 7, 8 y 9 en  los sistemas operativos windows XP, windows VISTA y windows 7.Por el momento una de las soluciones es que utilices otro navegador como Chrome o bien Firefox,  aunque estuve realizando pruebas y el Antivirus de AVG ya lo detecta como Malware.

Anexo El reporte Completo del Blog de Metasploit.https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit

We have some Metasploit freshness for you today: A new zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7. Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user. Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available. The exploit had already been used by malicious attackers in the wild before it was published in Metasploit. The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk (source: StatCounter). We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop counter-measures.
Here's the back story: Some of you may remember that a couple of weeks ago, the Metasploit exploit team released a blog regarding a new Java exploit (CVE-2012-4681), with a blog entry titled "Let's Start the Week with a New Java 0day in Metasploit". You'd think the 0-day attack from the same malicious group might cool down a little after that incident... well, you'd be wrong. Because last weekend, our fellow researcher and Metasploit contributor Eric Romang just spotted another 0-day, possibly from the same group, exploiting a Microsoft Internet Explorer use-after-free vulnerability.
The Metasploit team has had the pleasure to work with Mr. Romang and @binjo together, and pretty soon we had a working exploit. You may download Metasploit here, and apply the latest update to pick up the exploit.
The following screenshot demonstrates a successful attack against a Windows 7 machine with Internet Explorer 9 installed:
Screen shot 2012-09-17 at 7.59.19 AM.png
This one is against Internet Explorer 8 installed:

Screen shot 2012-09-16 at 5.32.08 PM.png
Here's another example exploiting a fully-patched Windows XP SP3 box:

The exploit also works against Windows Vista, but I think you guys get the point now.
To try out this module, get your free Metasploit download now, or update your existing installation. In the meantime, we will keep this blog updated when more progress has been made.

Sep 17th, 2012 - Microsoft releases advisory 2757760: http://technet.microsoft.com/en-us/security/advisory/2757760

1 comentario:

  1. [...] de Microsoft que lo utilizan (Windows XP, Windows Vista y Windows 7). Hoy leyendo mis RSS leo en Flu-Project que Metasploit ya lo tiene implementado, así que vamos a ver como [...]