Microsoft issues fix to stop active attacks exploiting serious IE bug

Microsoft has released a temporary update that patches a security flaw attackers are actively exploiting to hack Internet Explorer users.

The Fix it plugs a hole in all supported versions of Internet Explorer, even though there are "only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9," Dustin Childs, a group manager for communications in Microsoft's Trustworthy Computing group, wrote in an advisory posted Tuesday morning. "This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type," he added.

In a separate advisory, Microsoft officials added: "The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

Read 1 remaining paragraphs | Comments