In a blog posting, McAfee chief technology officer George Kurtz explained that researchers for the firm have seen references to the code on mailing lists and that it has been published on at least one web site.
The code was used in the recent Google hack to exploit a vulnerability in Microsoft’s Internet Explorer browser, the code has now become public, potentially leading to more attacks.
An attacker could use the flaw to gain control over a user’s system by tricking them into visiting a rigged web page, he said.
The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability,
The now public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems. Popular penetration testing tools are already being updated to include this exploit. This attack is especially deadly on older systems that are running XP and Internet Explorer 6.
Microsoft issued a security advisory on Thursday admitting that Internet Explorer could be used to allow remote code execution, and said it may release an out-of-cycle patch for the flaw.
Beware Internet Explorer (IE) Users
The flaw has been taken very seriously by organisations across the globe, with the German government recommending its citizens use an alternative browser to IE until the vulnerability is patched.
“At this time, we are aware of limited, targeted attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if the situation changes,” noted the security update.
Global Threat Condition: Elevated
