Microsoft reports IE zero-day attacks

Summary:All versions of Internet Explorer are vulnerable to remote code execution through a memory corruption bug. Attacks are currently being conducted with exploits that work on IE8 and IE9.

Microsoft reports IE zero-day attacks

Microsoft is reporting an unpatched vulnerability in all versions of Internet Explorer. All versions of IE, other than those running on Windows Server, are vulnerable. This includes Internet Explorer 11 on Windows 8.1 and RT.

The vulnerability comes from a memory corruption bug which could lead to remote code execution. Microsoft says that they are aware of targeted attacks exploiting this vulnerability on Internet Explorer 8 and 9. Exploits such as these are often version-specific, even if the vulnerability affects multiple versions.

Attacks may be blocked by running a Microsoft "Fix it" solution for an earlier vulnerability: CVE-2013-1347 MSHTML Shim Workaround.

The company has not decided how to respond to the vulnerability. Certainly they will write a patch, but whether they schedule it for a Patch Tuesday or go "out of band" is not yet clear.

Microsoft's advisory also says that EMET (the Enhanced Mitigation Experience Toolkit) may be used to mitigate against the vulnerability.

See also:

Topics: Security, Microsoft

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.