New Metasploit 0-day exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7

This title is a bit misleading. This exploit will not be able to fully exploit anyone running on Vista or Windows 7, since Internet Explorer renderers run in low integrity processes on those operating systems (essentially, they are sandboxed). No one has released a second exploit that would escalate privileges outside of this sandbox.<p>If you are running IE on Windows XP and you've taken no other steps to protect yourself (like running EMET, SandboxIE, or another mitigation), then it's your own damn fault that you got owned. On the other hand, take a look at how many exploits for IE that Rapid7/Metasploit has that support Windows 7: 0.

Computers can get compromised <i>simply by visiting a malicious website</i> Since <i>Microsoft has not released a patch for this vulnerability yet</i>, Internet users are strongly advised to switch to other browsers.<p>The long release cycle of internet explorer is a very big problem for ie users, unfortunately most of them don't even now what a browser is.

More explanation here: <a href="http://www.ehackingnews.com/2012/09/new-zero-day-ie-exploit-metasploit-module.html" rel="nofollow">http://www.ehackingnews.com/2012/09/new-zero-day-ie-exploit-...</a>

Could someone who understands them explain the screenshots to me like I was 5? I'm familiar with ruby, internet explorer, and virtual machines, but I can not make any sense of these images.

Resistance is futile. It is time to assimilate, download chrome.

Can't say I'm ever surprised when exploits like this pop up, but it's definitely valuable to know. I don't use IE nor manage users on IE so I know I'm fine, but those of you out there using it or managing users that use it should probably take this as an opportunity to re-educate users on security best practices including email attachments and visiting unfamiliar websites.<p>Also important to note that some websites you may be familiar with could become compromised and attack-code added within iFrames is very common, so it's best to just not use IE at all until a patch is released.

www.google.com/chrome dont leave 127.0.0.1 without it.<p>I find packaging up 0-day's into point-click downloads for metaspliot and the likes akin to giving a small child a loaded gun, but thats me I guess. Will only encourage the digital-vandals (media calls them hackers, bless).

I sure hope this exploit gets a lot of attention, in this way most people will understand the importance of upgrading their browser and thus... we, web developers, will not have to support crappy browsers (IE7 I'm looking at you!) :D

wow this is so big it makes my head spin.. most def the new ms08-067