Attack code that exploits an unpatched vulnerability found in all supported versions of Internet Explorer has been released into the wild. This means that cyberattacks could now surge and affect Internet Explorer users.
Known as CVE-2013-3893, the exploit was integrated Monday into Rapid7's open-source Metasploit penetration testing tool. By putting the exploit into Metasploit, the attack code was made accessible not only to security professionals but also cybercriminals, according to PCWorld.
The exploit has apparently been on the loose for the last three months, but the majority of the attacks have targeted organizations in Japan and Taiwan, according to PCWorld. The integration of the CVE-2013-3893 into Metasploit could mean more widespread attacks.
Microsoft has not yet released a permanent patch for this exploit. It announced the CVE-2013-3893 flaw and released a downloadable "Fix It" tool in mid-September. Microsoft is expected to issue a new batch of security updates on October 8, but it's not yet clear if it will include a permanent patch for CVE-2013-3893.