On Thursday a new generation of the createTextRange exploit was released under Metasploit.
Few hours later, and an article was published on techweb, where AV vendor Fortinet claimed that this exploit is much faster (??) than the older exploits. And, probably after reading my blog post, older exploits caused the browser to freeze.
According to my tests using VirusTotal, Fortinet was the only AV vendor to create a signature for the new generation - JS/CreateTextRange.B!exploit.
Well, that was up until today, when a new revision for the createTextRange was published under Metasploit and Milw0rm.
The new revision demonstrates better AV/IDS evasion techniques, by using random variables/functions names, which apparently are included in the "generic" signatures of the AV and IDS vendors.
And no, this is not an April fool's day prank.
10 days (or less) left for the MS patch.