An exploit has been released into the wild that takes advantage of an Internet Explorer bug described in MS-07-055. The exploit currently only works on Windows 2000 with IE 5.0, 5.5 and 6.0 SP1, but attackers are sure to be working on a version for XP which would cause a much larger issue. Vista is not affected by this vulnerability, so if you’re running on that platform, there’s no cause for alarm here.
Some new tools have also been released into the public. The Metasploit project is continuing to be developed, and causing headaches for system admins everywhere. A new version was released in beta, so look forward to new exploits being developed for that framework. Some new SIP attack tools were also released. SIPVicious is an attackers tool package that’s able to scan, war dial and crack SIP PBX’s. VOIP is still getting hit hard, and we don’t see any calming in the future.