aNewDomain.net — Over the weekend Microsoft confirmed an Internet Explorer zero day exploit, highlighting a vulnerability that can allow hackers to attack the IE browser and the operating system it runs on.
The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
Hackers can exploit the browser and attack the PC when users visit a website. Internet professionals are strongly recommending that customers not use Internet Explorer until Microsoft uploads a patch for it. There are many browser alternatives to IE including Chrome, Opera and Firefox.
Virtually all versions of Internet Explorer are vulnerable. The exploit was discovered by FireEye, who observed attacks against Internet Explorer versions 9 – 11, though all versions of Internet Explorer are affected.
Although Microsoft will develop a patch for Windows XP, it will only release it to preferred customers who are paying $200 a year per PC for security patches. Windows XP users should not use IE again. Or better still; upgrade the 13-year-old operating system.
If customers must use IE, Microsoft recommends using it in Enhanced Protected Mode.
FireEye just discovered the exploit, but hackers may have known about it for years. And like the HeartBleed vulnerability that was discovered earlier this month, it has underscored the unknown pernicious security flaws that hackers can use to compromise data.
A zero day exploit — an attack that exploits a previously-unknown vulnerability — means that the attack occurs on “day zero” of awareness of the vulnerability. The Internet Explorer zero day exploit means that the developers have had zero days to address and patch the vulnerability.
Stop using it now and wait for an update.
For aNewDomain.net, I’m Dino Londis.