Internet Explorer Exploits Could Intensify: Experts

Dennis Faas's picture

Experts are growing increasingly concerned about a still-unpatched security flaw in Microsoft's popular web browser, Internet Explorer. According to recent reports, the vulnerability -- which first emerged in mid-September -- has been exploited on several occasions.

Microsoft has called the vulnerability CVE-2013-3989. The firm first announced the flaw back on September 17 shortly after Microsoft became aware of its use in a number of attacks.

In the days that followed Microsoft released a temporary "Fix It" tool that Internet Explorer users could manually download and install on their systems. (Source:

Permanent Fix Not Yet Available

However, two weeks later and Microsoft has failed to provide a permanent solution for the problem.

That has proven costly for a number of organizations (most of which are based in Asia) that have been targeted by hackers using the exploit, which affects every version of Internet Explorer.

Security experts say the flaw can be exploited if hackers convince Internet Explorer users to visit a specially crafted malicious web page. (Source:

Newly Released Exploit Module Could Be A Problem

Now, the problem appears to be intensifying. That's because developer Wei Chen has released a CVE-3013-3893 exploit module. Chen has made the module available through Metasploit, a network that allows security professionals to share information.

Unfortunately, hackers have been known to use Metasploit in order to find just this kind of information, which they can use to expand and intensify their attacks.

All in all, it's bad news for Internet Explorer users.

"As long as cybercriminals get access to the exploit code made publicly available we will see instances of the exploit being [used] by regular cybercriminals and probably we will find the exploit in some of the most famous Exploit Kits," noted Jaime Blasco, AlienVault security research team manager.

"I'm sure if Metasploit includes this exploit we will see an increase [in] widespread exploitation." (Source:

Microsoft's next Patch Tuesday is scheduled for October 8, 2013. No word yet on whether it will include a permanent fix for this issue.

Rate this article: 
No votes yet