NEWS FROM THE LAB - Wednesday, September 18, 2013

Vulnerability in IE Could Allow Remote Code Execution Posted by Sean @ 12:26 GMT

This is probably required reading if you're a Windows systems administrator of any sort: Microsoft Security Advisory (2887505).

Microsoft Security Advisory for CVE-2013-3893

All versions of Internet Explorer are affected.

Microsoft is currently aware of "a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9." The limited nature of attacks is very likely to change in the near future as exploit kit providers will now move to add support for an exploit based on the vulnerability. Our detection for such exploits is already in progress.

In the meantime, Microsoft has released a Fix it tool to mitigate potentially attacks until a patch is released.

Updated to add:

Our exploit detection based on this vulnerability has now been released.

Details: Exploit:HTML/CVE-2013-3893.A