The exploit code for the cyber attack that hit both Google and Juniper has been published on the internet.
McAfee's chief technology officer George Kurtz has revealed that the yet-to-be-patched Internet Explorer vulnerability used in Operation Aurora has now been published on the internet.
He said: “McAfee Labs researchers have seen references to the code on mailing lists and confirmed on Friday that the code was published on at least one website.
“The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability. The now public computer code may help cyber criminals craft attacks that use the vulnerability to compromise Windows systems. Popular penetration testing tools are already being updated to include this exploit. This attack is especially deadly on older systems that are running XP and Internet Explorer 6.”
Microsoft has issued a statement on the situation, it said: “Microsoft is aware of public exploit code released that impacts customers using Internet Explorer 6 and of limited, targeted attacks attempting to use this vulnerability against Internet Explorer (IE) 6.
“As a result of the reports, we released an update to Security Advisory 979352 to alert customers and provide actionable guidance and tools to help with protections against exploit of this IE vulnerability. Customers using Internet Explorer 8 are not affected by currently known attacks and exploits due to the improved security protections in IE8.”
It recommended customers immediately upgrade to Internet Explorer 8 and consider applying the workarounds and mitigations provided in its Security Advisory such as putting internet zone security settings to high.
A spokesperson said: “Microsoft teams are continuing to work around the clock on an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing an out-of-cycle security update.”