Just a friendly reminder for those of you who haven't patched your systems lately to get MS13-080 (released 2 weeks ago)
http://technet.microsoft.com/en-us/secu ... n/ms13-080
Addresses 2 major critical vulnerabilities (among others):
CVE-2013-3893
CVE-2013-3897
**CVE = Common Vulnerabilities and Exposures (essentially ticket number/reference number for vulnerabilities)
Readings for CVE-2013-3893 (explains how the exploit works -- please give a read just to get a high level overview of the thought vector/angle):
http://nakedsecurity.sophos.com/2013/10 ... ay-part-1/
http://nakedsecurity.sophos.com/2013/10 ... ay-part-2/
Reading for CVE-2013-3897
** this one targets online banking and online gaming info
http://blog.spiderlabs.com/2013/10/anot ... o-day.html
http://blog.spiderlabs.com/2013/10/ie-z ... pects.html
** code targets Korean/Japanese users on XP machines, but can be modified to target any end user
TLDR:
Vulnerability that allows for remote code execution (RCE) - so please patch your machine if you haven't already
Remember, you don't need to actively click a link to download the payload (aka drive-by download) to be exposed/compromised (though doing so would make it much easier for the attackers).
You also don't need to actively visit a 'bad' site to be exposed/compromised (though again, this makes it much easier for the bad guys)
**e.g. visit 'legitimate' websites that have ads where the ad companies don't sanitize code/links (most do -- but some out there don't and allow for any doo-hickery) and the ad silently redirects your browser to a malicious site, which then silently drops the malware payload onto your computer