This past weekend, Microsoft issued a security advisory for all supported versions of its Internet Explorer web browser, due to recently discovered attacks that used a newly found zero day exploit. The issue is so serious, the U.S. Homeland Security department has issued its own warning about the IE exploit.
The department's Computer Emergency Readiness Team has posted word on its website that Internet users and IT administrators should "enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available." It's rare that the team issues a security alert that offers a recommendation to stop using a specific web browser family,
Microsoft's original security advisory, released on Saturday, describes the nature of the exploit:
The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
Microsoft says that hackers could create a website made specifically to take advantage of this exploit and then lure people to visit it via emails or other means. So far, the company has not announced when they plan to release a patch for this issue.
58 Comments - Add comment