Microsoft issues advisory on Internet Explorer vulnerability

April 28, 2014 by Nancy Owano weblog
Microsoft is scrambling to repair a security hole in its Internet Explorer web browser, saying it has detected attempts to exploit the flaw

Microsoft issued a security advisory on Saturday regarding an issue that impacts the Internet Explorer Web browser. Microsoft said it was aware of limited, targeted attacks seeking to exploit the vulnerability in Internet Explorer versions 6 through 11.

The vulnerability is being characterized as a "remote code execution vulnerability." It allows remote code execution if users visit a malicious website with an affected browser. This is attack-by-lure: the attacker has to convince someone to go ahead and click a link in an email or instant message. An attacker can then execute arbitrary code. Also, if the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Dustin Childs, a group manager within the Trustworthy Computing Group at Microsoft, weighed in on the matter Saturday, saying "We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect customers."

He advised people to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. "Additionally, we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders."

As for future intentions, the company said, "On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."

This was also a busy weekend for Milpitas, California-based FireEye, the security company whose FireEye Research Labs had identified what it called a new Internet Explorer zero-day exploit used in targeted attacks. "The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11." The April 26 blog by Xiaobo Chen, Dan Caselden and Mike Scott said that "Threat actors are actively using this exploit in an ongoing campaign which we have named 'Operation Clandestine Fox.' However, for many reasons, we will not provide campaign details. But we believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market. We recommend applying a patch once available."

Collectively, last year, the vulnerable versions of IE accounted for 26.25% of the browser market, they wrote. "The vulnerability, however, does appear in IE6 through IE11 though the exploit targets IE9 and higher."


not rated yet Apr 28, 2014
Thanks, MegaSuck--I feel safer already...
Lex Talonis
not rated yet Apr 30, 2014
Microsoft is like having a nasty disease......

Vomiting, diarrhoea, delirium, hallucinations, incontinence, internal
hemorrhaging, raging fever, cold sweats, gangrene, pustulent boils, etc., etc., etc.,

All at the same time......

The cure?

A shot of LINUX.
