ARS Technica reports a critical vulnerability in all versions of Internet Explorer just went mainstream as exploit code became part of a new module for the Metasploit exploit framework on Monday. Microsoft issued a temporary fix for the exploit two weeks ago, but it's still unknown when the firm will do an automatic roll-out of a permanent patch.
Monday's release of a module for the Metasploit exploit framework used by security professionals and hackers could broaden the base of attackers who are capable of targeting the flaw. Until now, the bug has been known to be exploited in only a handful of highly targeted attacks aimed mostly at workers in Japanese government agencies and manufacturers. While the attack code has been available to anyone who knows where to find it, its inclusion in the open-source Metasploit could make it easier for some people to use.
Microsoft issued a temporary fix for the browser two weeks ago. The company, which is scheduled to release its next batch of security updates on October 8, hasn't said when it will issue a permanent patch.