09-17-2013 01:43 PM - edited 09-17-2013 01:44 PM
Microsoft has released an emergency workaround for users of Internet Explorer, to protect against a “limited number” of targeted attacks being specifically directed at IE 8 and IE 9 – but which could potentially affect all versions of the web browser.
According to a blog post by Dustin Childs, a group manager for communications in Microsoft’s Trustworthy Computing group, the security hole can be exploited when users visit a boobytrapped webpage:
"This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message. Running modern versions of Internet Explorer ensures that customers receive the benefit of additional security features that can help prevent successful attacks."
10-02-2013 02:51 PM
Critical Internet Explorer exploit code released in the wild.
Attack code that exploits a critical vulnerability in all supported versions of Microsoft's Internet Explorer browser has been publicly released.
Monday's release of a module for the Metasploit exploit framework used by security professionals and hackers could broaden the base of attackers who are capable of targeting the flaw. Until now, the bug has been known to be exploited in only a handful of highly targeted attacks aimed mostly at workers in Japanese government agencies and manufacturers. While the attack code has been available to anyone who knows where to find it, its inclusion in the open-source Metasploit could make it easier for some people to use.
Microsoft issued a temporary fix for the browser two weeks ago. The company, which is scheduled to release its next batch of security updates on October 8, hasn't said when it will issue a permanent patch.
10-04-2013 11:21 AM
Hold in there, Internet Explorer peeps: Gaping zero-day fix coming Tues
Microsoft is preparing to close a wide-open security hole in Internet Explorer - a vulnerability state-backed spies are exploiting to mine organisations across Asia.
A update to fix the flaw is among four critical patches Redmond has lined up for the October edition of Patch Tuesday, due next week. Versions 6 through to 11 of the web browser are known to be vulnerable.
In fact, the bug itself is quite an interesting case study: modern Windows kernels attempt to randomise the layout of software in memory and mark the areas containing just data as non-executable, which in theory is supposed to make life extremely difficult for hackers.