Microsoft Warns Of Zero-Day Flaw In Internet Explorer

By Johnny Wills email: j.wills@mobilenapps.com | Jan 01, 2013 02:41 PM EST

Share This Story

  • Print
  • Email

Following reports of an unpatched bug in older versions of the Internet Explorer (IE) browser, Microsoft has confirmed that the vulnerability allows hackers to hijack Windows machines.

Fortunately, Internet Explorer 9 and Internet Explorer 10 are not included in the affected browsers version list and, therefore, Window 8 users are safe. The bug, dubbed 'zero-day' flaw, mainly works on Windows machines running Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8.

Follow us

In a security advisory released on Saturday, Dec. 29, Microsoft confirmed the existence of 'zero-day' vulnerability and recommended users keep their Web browser up to date.

"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," Microsoft wrote.

According to The Washington Free Beacon, the vulnerability exploited Windows PCs whose users visited the Web site of Council of Foreign Relations (CFR) - a foreign policy think tank with servers and office in New York. Using the pirated computer system, hackers attacked CFR members and other visitors.

Free Beacon reports that the hack was first detected on Dec. 26 and pointed to Chinese hackers for attacking CFR's Web site. FireEye claims that the CFR Web site hosted the malicious code since Dec. 21. Other security firms believe that the attacks using the IE vulnerability started as early as Dec. 7.

The Web site of CFR was neutralized against the attack on Dec. 28, but security of users on Windows machines running Windows XP, Windows Vista, and Windows 7 remains vulnerable..

In a separate post on Security Research & Defense blog, Microsoft wrote that it is "working around the clock on the full security update" and announced the availability of a 'Shim' to block active attacks against IE 6, IE7, and IE 8 users.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

Join Our Conversation

Smartphones
Huawei Honor 6 Plus Huawei Honor 6 Plus will reportedly skip Europe, other Western markets
BlackBerry Classic officially launched at $449, reviving most loved design features
Samsung reportedly looking to launch Apple Pay competitor in 2015
Cheapest 4G Windows Phone 8.1 handset penetrates India – Lumia 638 pre-orders now open
Tablet / Laptop / PC
Dell Venue 7 and Venue 8 Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon Logo Amazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC Logo HTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google Downtime Google blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Flipboard for Windows Phone Flipboard for Windows Phone finally available, but requires 1GB of RAM (VIDEO)
Vine gets major update, lets you upload previously-shot videos & more (VIDEO)
BlackBerry Messenger (BBM) finally hits Windows Phone – Available as a free download now
Instagram releases Bolt ephemeral messaging app in select markets to challenge Snapchat

Most Popular

Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps
Real Time Analytics