New Attack Targets Internet Explorer

Microsoft is reporting that all versions of Internet Explorer are vulnerable to a newly discovered memory corruption bug.

They’ve already seen targeted attacks exploiting the weakness in Internet Explorer 8 and 9 and Internet Explorer 10 and 11 are also at risk for attack.

The issue is the way that Internet Explorer accesses objects in memory that have been deleted or not properly allocated. An attacker could corrupt the memory in a way that would permit the hacker to execute code. The hacker could then set up a website to exploit the issue and convince users to view the website.

Even though Microsoft Outlook, Outlook Express and Windows Mail open HTML in a restricted mode that disables script and Active X controls, a user could still click on a link in an e-mail and be vulnerable to attack. The bogus link might also come in a message.

If Internet Explorer is running on Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2, it runs in restricted mode and is protected from this bug.

Microsoft is offering a Fix It solution in their tech support center.  You can check that out by clicking here. 

The company is also reminding users it is important to keep their security up-to-date, enable software updates and install anti-malware software.

~ Cynthia

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.