The VML exploit we mentioned on Friday, which leaves Outlook and Internet Explorer wide open to abuse, now has Microsoft concerned enough to consider releasing a fix before the next Patch Tuesday in October, as Scott M. Fulton III reports at BetaNews:
Sophos Labs now rates as “critical” a re-emerging exploit to Microsoft’s Vector Markup Language (VML) library, which Microsoft now says it will try to patch before its original October 10 deadline, announced on Thursday. This comes as the SANS Group raises its InfoCon level officially to “yellow,” “to emphasize the need to consider fixes.”
The SunBeltBLOG points to a video of the live exploit in action at WebSense (explanation here). Actually there’s not that much to see – the user goes to the “wrong” web site, shuts down Internet Explorer, reopens it, and signs into PayPal. It takes a packet trace to see that his PayPal userid and password got stolen and sent off to another Internet site.
And it isn’t just sleazy web sites: as Netcraft reports, web hosting company HostGator had a number of its servers compromised via a different exploit, and otherwise innocent websites were redirected to ones hosting the VML exploit. And yes, HTML email can infect users of Outlook too.