Zero-Day Exploit Published for IE82013-05-07 09:53 by Daniela
Security experts are warning that a newly discovered vulnerability in Internet Explorer 8 is being actively exploited to break into Microsoft Windows systems. Complicating matters further, computer code that can be used to reliably exploit the flaw is now publicly available online. The vulnerability has been used to launch attacks aimed at US government workers including the Department of Labour and the Department of Energy. The vulnerability exists in the way that IE accesses an object in memory that has been deleted or has not been properly allocated, Microsoft's advisory said. This could corrupt memory and possibly let an attacker execute arbitrary code on a victim's computer. An attacker could create a website to exploit this vulnerability through IE and then lure users to the website, typically through a link in an email or Instant Messenger message that users would be tricked into clicking. Microsoft suggests that users of IE8 could deploy EMET, the Enhanced Mitigation Experience Toolkit, and gives instructions how to configure it to add its protective layer to IE8 either through the EMET user interface, command line or via Group Policy. Upgrading to IE9 is also an option for Windows Vista and later, and upgrading to IE10 is an option for users of Windows 7 or later. The other option is, of course, switching to another browser such as Chrome or Firefox. Read more -here-
Post your review/comments
rate:
avg:
|