An exploit kit is a web-based attack tool that contains a bundle of several known exploits for web browser plugins (like Flash). The hackers who make these kits don’t really care whether the exploit in question has been patched or not, because they understand people, and they know that the odds are excellent that a high percentage of people who use Flash won’t bother to keep up with the latest security patches. In short then, they know that they can infect tens of thousands (or more) machines, quickly and easily, even in cases where a patch has already been issued.
This latest discovery is noteworthy mostly because of the speed and efficiency with which the exploit was included in a kit. The hacking community is proving quite adept at responding to new information and building new exploits into their tool sets almost as fast as they are discovered.
If you’re not sure whether or not you use Flash at your company, find out. If you use it, make sure you’re protected by the latest security patch. There are widely available tools that make it easy to use against you if you don’t keep up with the latest updates.
If you’re feeling a bit overwhelmed by it all, contact one of our seasoned experts and we’ll be happy to assess the risks for you and your company.