Microsoft fixes “zero-day” bugs in IE after vulnerability detected

Data CBR Staff Writer

12:36, April 28 2014


New vulnerability found in Microsoft's flagship web browser.

Microsoft has rushed fixes for an Internet Explorer bug after security firm FireEye Research Labs found a vulnerability in Internet Explorer versions 6 to 11.

According to FireEye, the vulnerability is present in IE6 to IE11, but attacks are targeting IE9 and above.

A 'zero-day' vulnerability is so named because attackers begin exploiting it while the developer is still unaware of it and thus has no immediate fix.

"Threat actors" are already exploiting the vulnerability, said FireEye, naming the threat campaign "Operation Clandestine Fox".

In a statement issued over the weekend, Microsoft said that it is "aware of limited, targeted attacks that attempt to exploit a vulnerability" in its browsers.

The remote code execution vulnerability causes IE to access an object in memory that has been deleted or has not been properly allocated.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer," Microsoft said. "An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

The vulnerable versions of IE, 6 to 11, formed 26.25% of the browser market in 2013, according to a research report by NetMarket Share.

However, there will not be any fixes available for PCs running Windows XP, as Microsoft stopped providing support for the OS this month, leaving millions of systems vulnerable.
