Microsoft admits to huge vulnerability in Internet Explorer; ENISA says no quick fix coming
This weekend Microsoft issued a warning that its Internet Explorer browser is vulnerable to remote code execution. Remote code execution allows an attacker to run code of their choosing on the user’s computing device and make changes.
“The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,” Microsoft warned. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
Microsoft did not say that a fix was coming soon. The vulnerability affects Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 (that appears to be every usable version still around).
ENISA, the European Network and Information Security Agency, urged users to use another browser if they want to avoid the vulnerability, saying “This is a serious 0-day attack on society, ‘in-the-wild’ attack, which demonstrates that there is no 100% security and how vulnerable society can be if security is not addressed from the start. Therefore, we advocate ‘security-by-design’ from the start in the software process by industry.”