Microsoft fixes “zero-day” bugs in IE after vulnerability detected

Security

by CBR Staff Writer| 28 April 2014

New vulnerability found in Microsoft's flagship web browser.

Microsoft has rushed fixes for an Internet Explorer bug after security firm FireEye Research Labs found out vulnerability in Internet Explorer versions 6 to 11.

According to FireEye, the vulnerability is present in IE6 to IE11 but attacks are targetting IE9 and above.

A 'zero-day' vulnerability is so named as attackers begin exploiting it even as the developer remains unknown of it and thus has no immediate fix.

"Threat actors" are already exploiting the vulnerability, said FireEye naming the threat campaign as "Operation Clandestine Fox".

In a statement issued over the weekend, Microsoft said that it is "aware of limited, targeted attacks that attempt to exploit a vulnerability" in its browsers.

The remote code execution vulnerability makes the IE access an object in memory that has been deleted or has not been properly allocated.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer," Microsoft said. "An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

The vulnerable versions of IE, 6 to 11, formed 26.25% of the browser market in 2013, according to a research report by NetMarket Share.

However there will not be any fixes available for PCs running Windows XP, as Microsoft stopped providing support for the OS this month, leaving millions of systems vulnerable.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

732 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.