Microsoft has confirmed a vulnerability in several Internet Explorer versions which has supposedly been used in the Chinese attack against Google and other companies. The vulnerability exists in Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 but the attacks seem to have been only targeting Internet Explorer 6 systems according to information posted in the vulnerability description at the Microsoft website.
The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
Microsoft is currently working on a patch to fix the vulnerability with the likelihood that the patch will be released out of their usual patch cycle as an emergency patch.
The patch confirmation page lists several mitigating factors but the safest option right now is to switch to a different web browser at least for as long as no patch is provided to protect the computer system from the vulnerability.
Attention: Copying articles to your website is not allowed. If you like the article you may copy the code below and post it on your website or user profile.Related Articles:
Out Of Band Internet Explorer Security UpdateOld Internet Explorers Affected By Security Vulnerability
Microsoft Releases Internet Explorer 0-Day Vulnerability Fix-It
Microsoft Internet Explorer Security Update
Internet Explorer Vulnerability Fix
I think people will switch to the safe & secure FireFox and to Linux OS’s like Ubuntu, much faster and in greater numbers.
I guess the issue is really, should IE even execute code remotely?
Surely that is the hole to plug instead of lots of patches…