Major Internet Explorer Security Flaw Discovered
A newly-discovered flaw in Microsoft's popular Internet Explorer (IE) web browser could allow hackers to take control of a Windows-based computer. The Redmond, Washington-based firm has acknowledged that the problem exists and that it affects older versions of IE.
The firm has also released a temporary fix for the problem.
Microsoft Advises: Avoid Suspicious Links
"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said in a security advisory issued on Sunday, December 30, 2012.
Microsoft says the remote code execution flaw exploits the way its popular browser accesses a computer's memory. The vulnerability could reportedly allow a hacker to take control of a victim's computer system if the user browses to a malicious website.
"In a web-based attack scenario, an attacker could host a website ... that is used to exploit this vulnerability," Microsoft said in the security advisory. (Source: cnet.com)
"In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website."
This is a distinction without a difference, however, because most security exploits depend on a computer somehow connecting to a source of malicious software.
It appears, in fact, that this vulnerability has already been exploited. According to reports, the flaw was recently used to attack Windows users who visited the Council on Foreign Relations website. That's a non-partisan U.S. foreign policy think tank.
Reports also indicate the Council on Foreign Relations site had been infected with malicious code since December 21, 2012.
"We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability," noted security expert Darien Kindlund.
Flaw Affects Only Older Versions of IE
Microsoft insists this particular IE flaw affects only Internet Explorer 8 and older versions of its browser. The company says users of Internet Explorer 9 and 10 need not worry about this issue.
Microsoft has recently issued a temporary workaround for the problem in lieu of a full-fledged patch. If you use an older version of Internet Explorer, click here to visit Microsoft.com and learn more about the fix and how to obtain it. (Source: venturebeat.com)
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 20 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
Most popular articles
- Being Blackmailed for Money on Facebook? Here's What to Do
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by PC / Web Network Experts? Here's What to Do
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
Free Guide
