Major Internet Explorer Security Flaw Discovered
A newly-discovered flaw in Microsoft's popular Internet Explorer (IE) web browser could allow hackers to take control of a Windows-based computer. The Redmond, Washington-based firm has acknowledged that the problem exists and that it affects older versions of IE.
The firm has also released a temporary fix for the problem.
Microsoft Advises: Avoid Suspicious Links
"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," Microsoft said in a security advisory issued on Sunday, December 30, 2012.
Microsoft says the remote code execution flaw exploits the way its popular browser accesses a computer's memory. The vulnerability could reportedly allow a hacker to take control of a victim's computer system if the user browses to a malicious website.
"In a web-based attack scenario, an attacker could host a website ... that is used to exploit this vulnerability," Microsoft said in the security advisory. (Source: cnet.com)
"In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website."
This is a distinction without a difference, however, because most security exploits depend on a computer somehow connecting to a source of malicious software.
It appears, in fact, that this vulnerability has already been exploited. According to reports, the flaw was recently used to attack Windows users who visited the Council on Foreign Relations website. That's a non-partisan U.S. foreign policy think tank.
Reports also indicate the Council on Foreign Relations site had been infected with malicious code since December 21, 2012.
"We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability," noted security expert Darien Kindlund.
Flaw Affects Only Older Versions of IE
Microsoft insists this particular IE flaw affects only Internet Explorer 8 and older versions of its browser. The company says users of Internet Explorer 9 and 10 need not worry about this issue.
Microsoft has recently issued a temporary workaround for the problem in lieu of a full-fledged patch. If you use an older version of Internet Explorer, click here to visit Microsoft.com and learn more about the fix and how to obtain it. (Source: venturebeat.com)
I can help! Send me a message on the bottom left of the screen (using the Zopim Chat button), or click my picture to read more about how I can fix your computer over the Internet. Optionally you can read all about my credentials, here.
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
Free Guide
