New exploit uses IE vulnerability
A new exploit has been discovered in the wild that runs an ActiveX control in Internet Explorer 7. The attack does not come from visiting an infected web page, but from opening a specially crafted Word document, received, perhaps, in an e-mail. According to Trend Micro, the exploit uses the ActiveX control to contact a website and then, on un-patched systems, uses the vulnerability in Internet Explorer to run code and install a back door. The exploit also installs spyware that reports system information back to the attacker. Microsoft has already issued a patch for the vulnerability – MS09-002.
Several anti-virus manufacturers claim to already detect both the custom Word documents and the back door. So far it appears that only a few targeted attacks have been attempted using this exploit. This may however change, as it is likely that a growing number of websites will be compromised and infected with the exploit. Users are advised, as always, to run Microsoft Update to protect their systems.
Larger companies, which are typically not able to update systems immediately when patches are released, are most vulnerable to the attack. According to the security service provider Qualys, Internet Explorer offers a large number of ways to attack and penetrate corporate networks. Wolfgang Kandek, chief technology officer at Qualys, said that an automatic-update utility built into Internet Explorer to handle patching on the fly, as Mozilla does with Firefox, would be one solution. Kandek added: “Patches would be deployed faster and we would have a healthier IE population.”
- Microsoft’s February Patch Tuesday: four updates, a report from The H.
- Another Exploit Targets IE7 Bug, a Trend Micro report.
- MS09-002 Exploit in the wild uses MSWord Lure, a McAfee report.