Saturday, September 21, 2013

Microsoft releases fix for 0-day IE browser bug

A vulnerability in Microsoft Internet Explorer (IE) browser is leaving thousands of businesses open to targeted attacks. Microsoft group manager of response communications Dustin Childs revealed the threat in a security advisory, confirming that hackers are actively exploiting a weakness in the browser. "Today we released Security Advisory 2887505 regarding an issue that affects IE. There are only reports of a limited number of targeted attacks specifically directed at IE8 and 9, although the issue could potentially affect all supported versions," Childs said. "This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message." Since being revealed numerous security vendors have released their own advisories warning of the potential damage an attack targeting the vulnerability could do. noted the vulnerability could be used for a variety of purposes by hackers. <more>

No comments: