Zero Day Vulnerability Found In Internet Explorer, Microsoft Released a Security Patch

Microsoft has released a temporary solution (patch) to prevent exploitation of new zero-day vulnerability in Internet Explorer (IE9 and 10).
On Wednesday, the tech giant provided the โ€œFix itโ€ solution,  nearly a week after news surfaced about limited attacks leveraging the vulnerability.
Last Thursday, researchers at FireEye revealed that U.S. veterans website was compromised to serve the zero-day exploit, and that attackers likely launched the campaign to steal intel and personal information of military service members. In the attack campaign, dubbed โ€œOperation SnowMan,โ€ the booby trapped site was ultimately used as a means of infecting visitors with a backdoor used for cyber espionage purposes.

Zero Day Vulnerability Found In Internet Explorer, Microsoft Released a Security Patch
Image Credits:- Makeuseof.com
In a Wednesday security advisory, Microsoft said that it was aware of โ€œlimited, targeted attacksโ€ that attempted to exploit the vulnerability (CVE-2014-0322), which impacts IE 9 and 10, but not IE 11 users.
The company also provided further details on the security issue.
โ€œThe vulnerability is a remote code execution vulnerability [which] exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,โ€ the advisory said. โ€œThe vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website,โ€ the advisory said of potential attack vectors.

On a Microsoft support page, the company recommended that users restart IE after installing the Fix it to avoid experiencing increased memory usage while browsing the web.

Read More

Suggested Post