The new twist on the createTextRange exploit takes much less time to execute than the original, which requires five to 10 seconds.
A new twist on the existing exploit of Internet Explorer's zero-day vulnerability has slashed the time it takes to compromise a computer, a security company claimed Friday.
According to Sunnyvale, Calif.-based Fortinet, the exploit -- dubbed "JS/CreateTextRange.B" to differentiate it from the original -- takes much less time to execute.
"In this version, the time to wait before the execution of the payload (aka hacker's code and potentially damaging payload) is minimized," said Fortinet's alert.
The change could be significant, since the one exploit now in circulation takes 5 to 10 seconds to execute, said Dan Hubbard, senior director of security and research at Websense.
"Some people give up and close their browser before that finishes," he said. The relatively long time for exploitation, he said, is in contrast to the Windows Metafile attack earlier in the year. "In that, as soon as you hit a page, you were infected," he said.
Speeding up the infection could cause fewer users to close IE, and lead to more machines falling under the sway of spyware and keyloggers.
As of mid-afternoon Friday, Microsoft had not pushed out a patch for the IE flaw, but users had other options to defend themselves, including disabling the browser's Active Scripting feature, installing one of two third-party fixes, or switching to another Web browser, such as Firefox.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.