New zero-day vulnerability identified in all versions of IE

4.5
A new zero-day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday.

The vulnerability, which could allow remote code execution, is being used in "limited, targeted attacks," according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm FireEye, which first reported the flaw Friday.

The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory has been released -- and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.

The vulnerability is currently being exploited by a group of hackers targeting financial and defense organization in the US, FireEye told CNET.

"The APT [advanced persistent threat] group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past," FireEye said. "They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure."

FireEye said the flaw was significant because it affects more than a quarter of the total browser market.

"Collectively, in 2013, the vulnerable versions of IE accounted for 26.25% of the browser market," FireEye said in its advisory.

An attack could be triggered by luring visitors to a specially crafted web page, Microsoft explained.

"The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft said. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

Microsoft said it is investigating the vulnerability and may issue an out-of-cycle security update to address the issue.

We here at TheTechGame suggest using either Chrome (www.google.com/chrome) or Firefox (www.getfirefox.com) but whatever you do, don't continue to use Internet Explorer.

Posted:
Related Forum: PC General Forum

Source: http://www.cnet.com/news/new-zero-day-vulnerability-identified-in-all-versions-of-ie/

Related Articles

Comments

"New zero-day vulnerability identified in all versions of IE" :: Login/Create an Account :: 39 comments

If you would like to post a comment please signin to your account or register for an account.

leiPosted:

Free_yoghurt i dont really like ie that much


Same Its really slow and other browsers are just such simpler. Safari is what I use.

-yoghurtPosted:

i dont really like ie that much

RioPosted:

IE, Used to download chrome.
But seriously, I dont think many people use IE.

leiPosted:

Danimals
TSNYC
Miss
Warzoh
3OH3
iTypp Good thing no one uses IE



I work as a pc support tech for my university and 90% of the faculty at my school use IE. It's a real problem
My school does! looks like i gotta talk to my school.


Yea I think a lot of schools and offices still use IE. This could effect them big time.[/
Yeah most places don't even bother changing it so I imagine it will have a big effect on them


my school uses it but they also have google chrome so i just use that
my school uses chrome personally

DanimalsPosted:

TSNYC
Miss
Warzoh
3OH3
iTypp Good thing no one uses IE



I work as a pc support tech for my university and 90% of the faculty at my school use IE. It's a real problem
My school does! looks like i gotta talk to my school.


Yea I think a lot of schools and offices still use IE. This could effect them big time.


Yeah most places don't even bother changing it so I imagine it will have a big effect on them


my school uses it but they also have google chrome so i just use that

TSNYCPosted:

Miss
Warzoh
3OH3
iTypp Good thing no one uses IE



I work as a pc support tech for my university and 90% of the faculty at my school use IE. It's a real problem
My school does! looks like i gotta talk to my school.


Yea I think a lot of schools and offices still use IE. This could effect them big time.


Yeah most places don't even bother changing it so I imagine it will have a big effect on them

XMEPosted:

I don't like IE but i do know a lot of people who use it and this can be very helpful to them

TreyarchedPosted:

Gossip I don't think anybody really uses IE anymore...


It's the 2nd most used browser so it's still used by millions of people

GossipPosted:

I don't think anybody really uses IE anymore...

kitypurryPosted:

Stop hopping on the bandwagon on hating IE. IE was beyond our time when it came out and with continued support it turned into a splendid browser for touchscreen devices that's fast and fluent. I'm a chrome user on a desktop/laptop, but when it comes to any touch screen monitor it's IE all the way.


Latest Downloads

Latest Tutorials