New zero-day vulnerability identified in all versions of IE
The vulnerability, which could allow remote code execution, is being used in "limited, targeted attacks," according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm FireEye, which first reported the flaw Friday.
The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory has been released -- and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.
The vulnerability is currently being exploited by a group of hackers targeting financial and defense organization in the US, FireEye told CNET.
"The APT [advanced persistent threat] group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past," FireEye said. "They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure."
FireEye said the flaw was significant because it affects more than a quarter of the total browser market.
"Collectively, in 2013, the vulnerable versions of IE accounted for 26.25% of the browser market," FireEye said in its advisory.
An attack could be triggered by luring visitors to a specially crafted web page, Microsoft explained.
"The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft said. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."
Microsoft said it is investigating the vulnerability and may issue an out-of-cycle security update to address the issue.
We here at TheTechGame suggest using either Chrome (www.google.com/chrome) or Firefox (www.getfirefox.com) but whatever you do, don't continue to use Internet Explorer.
Posted:
Related Forum: PC General Forum
Source: http://www.cnet.com/news/new-zero-day-vulnerability-identified-in-all-versions-of-ie/
Related Articles
Comments
HeisenbergModsPosted:
Zips Chrome beats all browsers out there. IE is probably the worst.
Chrome is okay, but its a real ram eater. (Considering it opens up a new process on every new tab.) But Firefox is my preference over any.
MissPosted:
Warzoh3OH3My school does! looks like i gotta talk to my school.iTypp Good thing no one uses IE
I work as a pc support tech for my university and 90% of the faculty at my school use IE. It's a real problem
Yea I think a lot of schools and offices still use IE. This could effect them big time.
AR15Posted:
Do people really use anything else but Chrome? I'm not fanboying, but there really isn't any competition against Chrome. It's the best one in my opinion.
TSNYCPosted:
fknvlinkTZBHarmfulMushroom This should be considered your punishment for using IE..
Ikr, but the good thing is, not much people use it anymore.
I can guarantee that there would be exploits in all internet browsers just they would be less unknown except to a few.
Yeah there is people just seem to have hate for IE. I use chrome though as I find it smoother/faster
322Posted:
TZBHarmfulMushroom This should be considered your punishment for using IE..
Ikr, but the good thing is, not much people use it anymore.
I can guarantee that there would be exploits in all internet browsers just they would be less unknown except to a few.
TzBlitzPosted:
HarmfulMushroom This should be considered your punishment for using IE..
Ikr, but the good thing is, not much people use it anymore.
Latest Downloads
- 01. Lies of P: SaveGame (game completed 6 times, hero level 124)(0)
- 02. Shadow of the Ninja - Reborn: SaveGame(0)
- 03. The Darkness (DE) saveset(0)
- 04. (EU) Resident Evil 2 Remake(0)
- 05. Killzone 2 Save Data - Collection [ PS3 - RPCS3 ](1)
- 06. Resident Evil Revelations 2 Xbox 360 complete saveset(1)
- 07. WALL-E: Savegames - The game is 100% complete(0)
- 08. WWE 2K17 - Xbox 360 Game Save (Version 1.2)(4)
- 09. Monster Hunter: World - SaveGame (100%, Step-by-step saves for the game + DLC)(4)
- 10. WWE 2K17 - Xbox 360 Game Save (Version 1.1)(2)
- 11. Assassin's Creed: Valhalla - Savegame (Step-by-step saves for all DLC)(1)
- 12. WWE 2K17 - Xbox 360 Game Save(8)
- 13. My Summer Car: SaveGame (Satsuma in good condition)(1)
- 14. Tiny Tina's Wonderlands: SaveGame (before the final boss)(1)
- 15. [EU] Chernobylite - Conspiracy Trophy (CUSA28037)(5)
Latest Tutorials
- 01. PS3 HEN - Audio via a USB headset.(228)
- 02. Stumble Guys | Social Butterfly Achievement(141)
- 03. Last Days of Lazarus Achievement Walkthrough (Xbox/PS)(1,400)
- 04. EDENGATE: The Edge of Life - 100% Trophy/Achievement Guide(1,732)
- 05. Sherlock Holmes Chapter One | Walkthrough | No Commentary(1,424)
- 06. Morbid: The Seven Acolytes | Full Game Walkthrough(2,286)
- 07. Adam Wolfe | Full Game Walkthrough | No Commentary(1,525)
- 08. ALFRED HITCHCOCK: VERTIGO - 100% Walkthrough(1,807)
- 09. SHERLOCK HOLMES THE AWAKENED | Walkthrough | No Commentary(1,280)
- 10. Space Roguelike Adventure | Guide - Cheat Code!(1,489)
- 11. DETECTIVE Stella Porta Case | Trophy & Achievement Guide(1,151)
- 12. Tunic 100% Platinum Walkthrough | Trophy & Achievement Guide(1,766)
- 13. Outbreak: The Nightmare Chronicles Achievement Walkthrough(1,423)
- 14. Full Void 100% - Trophy & Achievement Guide(1,403)
- 15. Outbreak: Lost Hope #Xbox Achievement Walkthrough(2,197)
"New zero-day vulnerability identified in all versions of IE" :: Login/Create an Account :: 39 comments