Microsoft Warns Of Zero-Day Flaw In Internet Explorer

By Johnny Wills email: | Jan 01, 2013 02:41 PM EST

Share This Story

  • Print
  • Email

Following reports of an unpatched bug in older versions of the Internet Explorer (IE) browser, Microsoft has confirmed that the vulnerability allows hackers to hijack Windows machines.

Fortunately, Internet Explorer 9 and Internet Explorer 10 are not included in the affected browsers version list and, therefore, Window 8 users are safe. The bug, dubbed 'zero-day' flaw, mainly works on Windows machines running Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8.

Follow us

In a security advisory released on Saturday, Dec. 29, Microsoft confirmed the existence of 'zero-day' vulnerability and recommended users keep their Web browser up to date.

"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," Microsoft wrote.

According to The Washington Free Beacon, the vulnerability exploited Windows PCs whose users visited the Web site of Council of Foreign Relations (CFR) - a foreign policy think tank with servers and office in New York. Using the pirated computer system, hackers attacked CFR members and other visitors.

Free Beacon reports that the hack was first detected on Dec. 26 and pointed to Chinese hackers for attacking CFR's Web site. FireEye claims that the CFR Web site hosted the malicious code since Dec. 21. Other security firms believe that the attacks using the IE vulnerability started as early as Dec. 7.

The Web site of CFR was neutralized against the attack on Dec. 28, but security of users on Windows machines running Windows XP, Windows Vista, and Windows 7 remains vulnerable..

In a separate post on Security Research & Defense blog, Microsoft wrote that it is "working around the clock on the full security update" and announced the availability of a 'Shim' to block active attacks against IE 6, IE7, and IE 8 users.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

Join Our Conversation

The HTC logo is seen with different devices from the brand HTC M10 Perfume Launching A Month Later After MWC 2016
Lava Unleashes New P7 Device Into The Indian Market
New Disney Phone Coming To Japan
Xiaomi Locks Redmi Note 3, Mi 4c And Mi Note Pro; Others To Follow Suit?
Tablet / Laptop / PC
Dell Venue 7 and Venue 8 Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Amazon Logo Amazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC Logo HTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google Downtime Google blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
ZTE's new lease program ZTE’s new Lease-to-own Program for Mobile Devices
LG’s G Pay to Take on Google, Samsung and Apple
Facebook: Taxes in the UK and a new Shopping tab
Samsung’s VR Headset to be Released at $99, Hulu Jumps Onboard with Apps Ready

Most Popular

© 2016 IBT Media Inc. All Rights Reserved.mobilenapps