Microsoft reports IE zero-day attacks

Summary: All versions of Internet Explorer are vulnerable to remote code execution through a memory corruption bug. Attacks are currently being conducted with exploits that work on IE8 and IE9.

TOPICS: Security, Microsoft

Microsoft is reporting an unpatched vulnerability in all versions of Internet Explorer. All versions of IE, other than those running on Windows Server, are vulnerable. This includes Internet Explorer 11 on Windows 8.1 and RT.

The vulnerability comes from a memory corruption bug which could lead to remote code execution. Microsoft says that they are aware of targeted attacks exploiting this vulnerability on Internet Explorer 8 and 9. Exploits such as these are often version-specific, even if the vulnerability affects multiple versions.

Attacks may be blocked by running a Microsoft "Fix it" solution for an earlier vulnerability: CVE-2013-1347 MSHTML Shim Workaround.

The company has not decided how to respond to the vulnerability. Certainly they will write a patch, but whether they schedule it for a Patch Tuesday or go "out of band" is not yet clear.

Microsoft's advisory also says that EMET (the Enhanced Mitigation Experience Toolkit) may be used to mitigate the vulnerability.

Talkback

18 comments
  • Impossible!

    Microsoft software, in particular Windows is the most secure software ever written.
    Microsoft itself is the greatest software company of all times. They *are* the software -- after all, "soft" is part of their company name!
    This is just not happening. Not possible.

    You just can't make this stuff up.
    /s
    danbi
    • Nothing constructive in the post. Bored now.
      PollyProteus
    • Jesus Lord Almighty!

      Sarcasm! You must be super smart. Thanks for the /s so us idiots understand your poignant wisdom.
      willfordcr
  • So what should noobies do?

    I'm a home user with Win XP Pro SP3 and IE8 (and I use Outlook Express 6, which seems to be part of IE 8 in some ways).

    So, what do you all think I should do?
    -- Run the FixIt at http://support.microsoft.com/kb/2847204 ?
    -- Download the Enhanced Mitigation Experience Toolkit (EMET)? (And which version - 3.0 or 4.0?) But EMET looks a bit advanced.

    Thanks.
    glnz
  • One word...

    Son, I have one word for you. Remember this: Chrome.

    Got it?
    Den2010
    • Re: One word........

      Why would I want to chrome my bumper, tailor hitch or my wheels!!!!!!!
      Disgruntled_MS_User
  • patch patch patch, sigh.....

    time to switch back to FF till MS gets its act together, sheeeshhh.
    vger_z
    • Why? Just run the FIXIT

      It took 30 seconds or less. On our work machines we run EMET, on my home machine I will just run the fixit and move on, nothing to see here.
      hoppmang
  • Seriously

    All Companies believe they need no regulations.
    That being said it's not true.
    Microsoft Browser IE is a shameful mess!
    I'm tired of paying for buggy OS's.
    These days the Tech industries remind me of the Automobile industries.
    SHAMKEN
  • Microsoft reports IE zero-day attacks

    Can't say I'm worried about this. Most people go to the same 5 trusted sites anyway which are not harmful. I have full faith Microsoft will release a patch to negate this exploit.
    Loverock-Davidson
    • Mr. Davidson

      Now would be a very good time to put Internet Explorer on ice for a bit (until it's patched) and use the web browser that you love the most, Mozilla Firefox. :)

      P.S. A better description than 'trusted sites' is 'legitimate, frequently-visited sites'. And these sites do get hacked by the malware miscreants. Look-up so-called watering hole attacks.
      Rabid Howler Monkey
      • Wasting your time

        trying to engage with or educate Loverock - as usual he is talking out of his telnet port....
        The Central Scrutinizer
  • Attacks may be blocked by..

    Switching to Linux permanently. I did it back in 2001 and have never gotten a virus since.
    I use Robolinux which makes Windows 7 & XP 100% immune to all Viruses & Malware!

    Imagine never getting a virus or malware again for the rest of your life on Windows 7 or the soon to expire Windows XP. Many people don't want to or cannot afford to upgrade to Windows 7 or 8. That's no problem when you run XP inside Robolinux which does not require any Windows security updates and saves you hundreds of dollars!
    ITJohnguru
  • Browser Issues

    Microsoft is slow in fixing these kind of bugs in IE. They do patch update late to see the after effects. It may be they think that they hold more than 60% of browser market.

    www.internetobject.com
    Steve Freeman
  • IE?! Why should this be news?! Is anyone still using it?

    Sorry for the sarcasm. Moved on to MAC OS and Linux throughout the house. Sorry Microsoft, it's this kind of indecision, slow to react, crowd the user with bloatware in deference to your corporate commercial commitments that has you losing users like a baboon with hemorrhagic fever. Download Linux Ubuntu 13.04 today.
    johnroberts1961
  • IE zero-day flaw AGAIN???

    Looks like I'll keep on never using IE until a patch is in place. Then, after that, I'll still never use IE.
    harry_dyke
  • INTERNET EXPLORER

    Who uses IE these days?

    Anybody?

    I have the Office Suite on my iMac, but I haven't used it for years.

    Microsoft is rapidly becoming irrelevant.
    johninsapporo
  • I'll settle it in one word...

    "Microscrap"... So March 25 - Before April 8, My Desktop will go to a Linux OS. My new shiny
    expensive laptop - I guess it will have to suffer with Win 8, until I change my browser to a non
    Windows one...
    lebulldog