Microsoft made a rare weekend post on its Security Response Center blog to announce an advisory that affects all currently supported versions of Internet Explorer. The issue is based on a newly discovered exploit that could be used against the web browser.
The blog post states that the exploit "allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message." The company is aware of "limited, targeted attacks" that have used the exploit.
IE 10 and 11 are protected against attacks using this exploit if they have their Enhanced Protected Mode turned on. Also, PCs that have either the Enhanced Mitigation Experience Toolkit 4.1 or the EMET 5.0 Technical Preview installed are also secured against this security hole. Microsoft says that PC owners should always enable their personal firewall, make sure to have all of the latest software updates for their programs, and have all the most recent anti-virus and anti-malware definitions.
Finally, Microsoft said, " ... we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders." The blog did not have any information on when Microsoft will release a patch that will close this latest IE exploit.
The issue affects IE 6, which is still supported by Windows Server 2003 Service Pack 2. It's also still used by Windows XP, which is no longer supported by Microsoft. That means IE6 users on that OS won't be getting a patch when Microsoft issues one for the web browser.
Source: Microsoft | Image via Microsoft
45 Comments - Add comment