Microsoft issues advisory on Internet Explorer vulnerability

Apr 28, 2014 by Nancy Owano weblog
Microsoft is scrambling to repair a security hole in its Internet Explorer web browser, saying it has detected attempts to exploit the flaw.

Microsoft issued a security advisory on Saturday regarding an issue that impacts the Internet Explorer Web browser. Microsoft said it was aware of limited, targeted attacks seeking to exploit the vulnerability of Internet Explorer versions 6 through 11.

The flaw is being characterized as a "remote code execution vulnerability." It allows remote code execution if users visit a malicious website with an affected browser. The attack works by lure: the attacker has to convince someone to click a link in an email or instant message. An attacker can then execute arbitrary code. Also, if the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Dustin Childs, a group manager within the Trustworthy Computing Group at Microsoft, weighed in on the matter Saturday, saying "We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect customers."

He advised people to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. "Additionally, we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders."

As for future intentions, the company said, "On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."

This was also a busy weekend for Milpitas, California-based FireEye, the security company whose FireEye Research Labs had identified what it called a new Internet Explorer zero-day exploit used in targeted attacks. "The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11." The April 26 blog post by Xiaobo Chen, Dan Caselden and Mike Scott said that "Threat actors are actively using this exploit in an ongoing campaign which we have named 'Operation Clandestine Fox.' However, for many reasons, we will not provide campaign details. But we believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market. We recommend applying a patch once available."

Collectively, last year, the vulnerable versions of IE accounted for 26.25% of the browser market, they wrote. "The vulnerability, however, does appear in IE6 through IE11 though the exploit targets IE9 and higher."

User comments : 2

not rated yet Apr 28, 2014
Thanks, MegaSuck--I feel safer already...
Lex Talonis
not rated yet Apr 30, 2014
Microsoft is like having a nasty disease......

Vomiting, diarrhoea, delirium, hallucinations, incontinence, internal
hemorrhaging, raging fever, cold sweats, gangrene, pustulent boils, etc., etc., etc.,

All at the same time......

The cure?

A shot of LINUX.
