Tuesday, September 25, 2012

How to find latest IE vulnerability (CVE-2012-4969) with Nexpose


As you probably know, Microsoft released advisory 2757760 (Microsoft Security Advisory (2757760): Vulnerability in Internet Explorer Could Allow Remote Code Execution) which describes a Remote Code Execution vulnerability in Internet Explorer 7, 8, and 9. This was assigned to CVE-2012-4969 and Microsoft released a Security Update patch on September 21st, 2012 (Microsoft Security Bulletin MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842)) to address this vulnerability.

Check out this blog about the 0-day exploit released by the Metasploit team on September 17th, 2012. As of Nexpose 5.4.5, released on September 22nd, 2012, you can also now find and remediate any assets that are vulnerable. Here's how:

To continue reading; please click here: