Attack code published for two actively exploited vulnerabilities in Microsoft software
Attack code for two actively exploited vulnerabilities in Microsoft software, one of which has not yet been patched, was integrated into the open source Metasploit penetration testing framework.
One of the vulnerabilities is identified as CVE-2012-1875 and is located in Internet Explorer. Attackers can exploit it to execute malicious code by tricking users into visiting a specially crafted Web page or opening a Microsoft Office document that has a malicious ActiveX control embedded into it.
Microsoft addressed the security flaw on Tuesday as part of its MS12-037 security bulletin, but according to security researchers from antivirus vendor McAfee, the vulnerability had been actively exploited in attacks since at least June 1. Read more...
Microsoft blames security info-sharing program for attack code leak
Microsoft on Friday confirmed that sample attack code created by the company had likely leaked to hackers from a program it runs with antivirus vendors.
"Details of the proof-of-concept code appear to match the vulnerability information shared with Microsoft Active Protection Program (MAPP) partners," Yunsun Wee, a director with Microsoft's Trustworthy Computing group, said in a statement posted on the company's site.
"Microsoft is actively investigating the disclosure of these details and will take the necessary actions to protect customers and ensure that confidential information we share is protected pursuant to our contracts and program requirements," Wee added. Read more...
Attackers exploit latest Flash bug on large scale, says researcher
Hackers are aggressively exploiting a just-patched Flash vulnerability, serving attack code "on a fairly large scale" from compromised sites as well as from their own malicious domains, a security researcher said Friday.
The attacks exploit the critical Flash Player bug that Adobe patched June 14 with its second "out-of-band," or emergency update, in nine days.
"CVE-2011-2110 is being exploited in the wild on a fairly large scale," said Steven Adair, a researcher with the Shadowserver Foundation, a volunteer-run group that tracks vulnerabilities and botnets. "In particular this exploit is showing up as a drive-by in several legitimate websites, including those belonging to various NGOs [non-government organizations], aerospace companies, a Korean news site, an Indian government Web site, and a Taiwanese university." Read more...