News came out back in September that an Internet Explorer vulnerability that gave attackers the ability to execute arbitrary code on unpatched systems had been unearthed.
This particular flaw was initially said to affect versions 8 and 9, but Microsoft announced that the vulnerability could potentially affect all versions of Internet Explorer on the market — from 6, 7, 8, 9 and 10 to even the recently released version 11.
The company quickly released a Fix It tool to prevent any attacks.
And attacks had already begun back then, with Redmond confirming that it had reports of limited targeted attacks against Internet Explorer versions 8 and 9.
Now there is news that an exploit that takes advantage of this flaw has just been published on the Internet, and this potentially puts millions of Windows users at risk. A developer issued an exploit module for this IE flaw in the open source Metasploit penetration testing tool.
PCWorld notes that while this tool is primarily used by security developers to test their solutions, cybercriminals and hacker groups have also been known to use the software to create their own attacks.
Although the Fix It tool that Microsoft released does close the flaw in all versions of IE, it is still a manual download, meaning there is a significant chance that it will not reach all users of the browser.
Successful exploits of the flaw can give hackers the same privileges as the logged-in user, so deploying this small patch is now an absolute must, even if you do not use Internet Explorer as your main browser.
Microsoft has promised a full patch addressing this glitch in the next Patch Tuesday cycle, which is set for October 8, but as of right now it is unknown if the IE patch will be included in the list of updates.
You can grab the Fix It tool from here, if you haven’t already.