EvilZone

Hacking and Security => Hacking and Security => : proxx May 13, 2013, 06:25:18 AM

: Microsoft being pwned.. again..[CVE-​​2013-​​1347]
: proxx May 13, 2013, 06:25:18 AM

http://nakedsecurity.sophos.com/2013/05/11/may-patch-tuesday-coming-up-microsoft-still-not-sure-if-latest-0-day-fix-will-make-the-cut/ (http://nakedsecurity.sophos.com/2013/05/11/may-patch-tuesday-coming-up-microsoft-still-not-sure-if-latest-0-day-fix-will-make-the-cut/)

https://community.rapid7.com/community/metasploit/blog/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit (https://community.rapid7.com/community/metasploit/blog/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit)

CVE-​​2013-​​1347 (http://technet.microsoft.com/en-us/security/advisory/2847140)
This exploit for internet explorer 8 is being used in the wild for a while now.
Microsoft isnt sure if they can fix it before patch Thuesday.
It appears to effect everything from windows XP to 2008/win7.

Up to this day there is no offical patch only a 'fix' tool : http://nakedsecurity.sophos.com/2013/05/09/microsoft-rushes-out-cve-2013-1347-fix-it-for-the-latest-internet-explorer-zero-day/ (http://nakedsecurity.sophos.com/2013/05/09/microsoft-rushes-out-cve-2013-1347-fix-it-for-the-latest-internet-explorer-zero-day/)

And if course , as always metasploit is already on the boat.
 :)
If I have some spare time today Ill do A little demo here.

: Re: Microsoft being pwned.. again..
: Zesh May 13, 2013, 07:14:52 AM

More like, IE "pwned.. again..". Why the hell is IE still around?

: Re: Microsoft being pwned.. again..
: Kulverstukas May 13, 2013, 08:30:23 AM

lol the dumb ones are always getting pwnd. Who in their right mind would use IE anyway...

: Re: Microsoft being pwned.. again..
: proxx May 13, 2013, 08:46:32 AM

: Zesh  May 13, 2013, 07:14:52 AM

More like, IE "pwned.. again..". Why the hell is IE still around?

Uhm yeah IE...mircosoft its just one example of their crap code, all the same to me.
Why I dont know but what I do know is that there are still millions of users, especially companies.
The fun part is that they cant go manually patching 5000 machines, until then they just have to pray :)

: Re: Microsoft being pwned.. again..
: xC May 13, 2013, 09:13:37 AM

Internet Explorer 9 is not vulnerable? They do make crap code but push patches quite frequently. Nobody takes the time to actually update though. Nice find.

: Re: Microsoft being pwned.. again..[CVE-​​2013-​​1347]
: vezzy May 13, 2013, 06:50:23 PM

In other news, the weather is cold in Siberia.

: Re: Microsoft being pwned.. again..[CVE-​​2013-​​1347]
: 3vilp4wn May 14, 2013, 03:28:18 AM

What I love most about IE is that they make a OKish browser with IE 9/10 and stuff, and then don't let XP users upgrade.  Not like I care though, I use firefox.

: Re: Microsoft being pwned.. again..[CVE-​​2013-​​1347]
: rasenove May 14, 2013, 05:53:26 AM

Microsoft programmers should take flying lessons, and die while doing it.
(IE takes 2-5 minuts to open a facebook page in slow connections... Total joke)