Immunity said it had published a working exploit for the Vector Markup Language vulnerability within three hours of Microsoft announcing the bug and issuing a patch.
A company that specializes in creating attacks for penetration testing came up with a working exploit of a critical Microsoft patch within just hours of the fix hitting the street Tuesday.
Immunity, a security and consulting firm, said earlier this week that it had published a working exploit for the VML (Vector Markup Language) vulnerability within three hours of Microsoft announcing the bug and issuing a patch.
The VML flaw, which was outlined in the MS07-004 security bulletin, affects Windows 2000- and Windows XP-powered PCs running Internet Explorer 5.01, 6.0, and 7. It is similar, researchers have said, to a VML vulnerability that was patched out of cycle in September.
Some security researchers put the VML bug at their top of their patch-now lists, and said that because there were active exploits already in circulation, users and enterprises should deploy this fix before any others issued Tuesday. Hackers could use the vulnerability to hijack PCs; all they need do is lure users to a malicious Web site. Simply viewing the malformed page could result in losing control of the PC, analysts have warned.
The phenomenon of a continuously shrinking window of time between the disclosure of a vulnerability and the appearance of a working exploit has become so pervasive that some wags have dubbed the day after Microsoft releases patches as "Exploit Wednesday."
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.