Microsoft Warns Of Zero-Day Flaw In Internet Explorer

By Johnny Wills email: j.wills@mobilenapps.com | Jan 01, 2013 02:41 PM EST

Share This Story

  • Print
  • Email

Following reports of an unpatched bug in older versions of the Internet Explorer (IE) browser, Microsoft has confirmed that the vulnerability allows hackers to hijack Windows machines.

Fortunately, Internet Explorer 9 and Internet Explorer 10 are not included in the affected browsers version list and, therefore, Window 8 users are safe. The bug, dubbed 'zero-day' flaw, mainly works on Windows machines running Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8.

Follow us

In a security advisory released on Saturday, Dec. 29, Microsoft confirmed the existence of 'zero-day' vulnerability and recommended users keep their Web browser up to date.

"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," Microsoft wrote.

According to The Washington Free Beacon, the vulnerability exploited Windows PCs whose users visited the Web site of Council of Foreign Relations (CFR) - a foreign policy think tank with servers and office in New York. Using the pirated computer system, hackers attacked CFR members and other visitors.

Free Beacon reports that the hack was first detected on Dec. 26 and pointed to Chinese hackers for attacking CFR's Web site. FireEye claims that the CFR Web site hosted the malicious code since Dec. 21. Other security firms believe that the attacks using the IE vulnerability started as early as Dec. 7.

The Web site of CFR was neutralized against the attack on Dec. 28, but security of users on Windows machines running Windows XP, Windows Vista, and Windows 7 remains vulnerable..

In a separate post on Security Research & Defense blog, Microsoft wrote that it is "working around the clock on the full security update" and announced the availability of a 'Shim' to block active attacks against IE 6, IE7, and IE 8 users.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Ericsson Announces World-Leading Launches Ahead of Mobile World Congress 2014

Join Our Conversation

Smartphones
LG G3 leaked UI screenshotsLG G3 UI screenshots leak, confirm QHD resolution of 2560 x 1440 pixels
Apple releases latest iOS 7.1.1 update - Here’s what it brings
HTC One M8 Mini reportedly headed to Verizon – Will it be another exclusive?
LG G Watch officially detailed, coming in Champagne Gold and Stealth Black color options
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Chrome Remote Desktop app for AndroidChrome Remote Desktop for Android now available for free from Google Play
Adobe Lightroom mobile hits the iPad, coming soon to iPhones
Apple updates Mac iWork for iCloud suite – What’s new in Pages, Numbers and Keynote?
Microsoft launches Office for iPad, makes Office Mobile free on Android and iPhones
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps