On Tuesday, Microsoft, along with the release of its monthly patches, announced a vulnerability – a zero-day flaw affecting IE 6 and 7. IE 8 browser users are safe.
The unpatched zero-day flaw in IE 6 and 7 is caused by an invalid pointer reference being used in IE, and could allow attackers to execute malicious code remotely on a user’s systems. Under certain conditions, the invalid pointer reference can be accessed even after an object is deleted, resulting in remote code execution attacks against users. Microsoft has warned, in its recent advisory, that the vulnerability is being exploited in the wild. While the company is aware of the attacks, no other details have been released.
Currently, there is no patch for the zero-day flaw. ZDNet published today that an Israeli hacker had pinpointed the vulnerability in IE 6 and 7 and had created a working exploit code. Hopefully, Microsoft releases a patch relatively soon. Until then, it is highly suggested to update your browser to IE 8, or switch to an IE competitor such as, but of course not limited to, Google Chrome, Mozilla Firefox, or Opera. However, if you’re a die-hard IE 6 or 7 fan, workarounds are available and provided in Microsoft’s advisory, linked below.
Related posts:
