Following reports of an unpatched bug in older versions of the Internet Explorer (IE) browser, Microsoft has confirmed that the vulnerability allows hackers to hijack Windows machines.
Fortunately, Internet Explorer 9 and Internet Explorer 10 are not on the list of affected browser versions and, therefore, Windows 8 users are safe. The bug, a 'zero-day' flaw, mainly affects Windows machines running Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8.
In a security advisory released on Saturday, Dec. 29, Microsoft confirmed the existence of the 'zero-day' vulnerability and recommended that users keep their Web browser up to date.
"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," Microsoft wrote.
According to The Washington Free Beacon, the vulnerability was used to exploit Windows PCs whose users visited the Web site of the Council on Foreign Relations (CFR), a foreign policy think tank with servers and an office in New York. Using the compromised computer system, hackers attacked CFR members and other visitors.
The Free Beacon reports that the hack was first detected on Dec. 26 and attributed the attack on CFR's Web site to Chinese hackers. FireEye claims that the CFR Web site had hosted the malicious code since Dec. 21. Other security firms believe that attacks using the IE vulnerability started as early as Dec. 7.
The CFR Web site was neutralized against the attack on Dec. 28, but users on Windows machines running Windows XP, Windows Vista, and Windows 7 remain vulnerable.
In a separate post on the Security Research & Defense blog, Microsoft wrote that it is "working around the clock on the full security update" and announced the availability of a 'Shim' to block active attacks against IE 6, IE 7, and IE 8 users.