Microsoft had previously issued a security advisory warning those who use IE 6, and users that dont have Enhanced Protected Mode turned on (IE 10 and 11), of a potential security threat that could compromise the end user. Microsoft believes the attacks are limited, and only work if the victim is targeted and hasnt installed Enhanced Mitigation Experience Toolkit 4.1 or EMET 5.0.
The vulnerability occurs when Internet Explorer attempts to access a deleted or not properly allocated area of memory. The corrupt data allows the attacker to gain the same user rights as the victim, before executing arbitrary code to visit malicious websites or cause other damage.
Upon discovering the vulnerability, Microsoft has responded swiftly and stated how they plan to protect their users. The updated advisory offers some clarity on the security threat, stating that if the user is logged on with administrative rights then the exploit could take control of their entire system. The revision reiterates that the victim must voluntarily click on the malicious website, thus making this exploit less widespread.
The article features a Microsoft statement, saying:
Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
The company also encourages users to check the Microsoft Safety & Security Center for help on further protection.
A number of workarounds can be applied to protect your computer, the primary one suggesting the installation of the Enhanced Mitigation Experience Toolkit mentioned earlier. There are a few other slightly more advanced procedures that involve the use of command prompt or changing internet security zone settings, but its good to see a quick response on behalf of Microsoft.
Check out the official security advisory update here.
Source: Microsoft | Image via Microsoft