Microsoft has released security advisory 2794220, which details a vulnerability in the company's web browser Internet Explorer that may allow attackers to execute code remotely on affected systems if it is exploited successfully. What makes this a pressing matter for users of the Windows operating system is that it is already being exploited in the wild, according to Microsoft's Response Communications Group Manager Dustin Childs.
The security vulnerability affects Internet Explorer 8 and earlier only; systems with IE9 or IE10 are not vulnerable. This means that Windows 8 users are not affected by the vulnerability at all, as the default browser version on that system is Internet Explorer 10. All other versions of Windows may be affected, as they ship with Internet Explorer 8 or an earlier version, depending on the version of Windows.
Attackers need to convince users to open a specially prepared website in Internet Explorer to exploit the vulnerability, which can happen via links in emails, instant messengers, social networking sites or other means. It appears to be enough to view attack sites in Internet Explorer 8 or earlier.
The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Microsoft has posted several mitigation options for users of Internet Explorer 8 or earlier to protect the Windows operating system from the exploit.
You can read the full vulnerability advisory on the Microsoft website.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.