Microsoft Warns of Zero Day Bug Affecting Internet Explorer 6-8

Microsoft is currently investigating reports of a zero day bug affecting Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8, the company announced in a Security Advisory. At issue is a remote code execution vulnerability that would allow attackers to seize control of a Windows PC.

How it works is IE attempts to reference and use an object that had previously been freed. The components of an exploit for such a vulnerability are typically:

• Javascript to trigger the Internet Explorer vulnerability
• Heap spray or similar memory preparation to ensure the memory being accessed after it has been freed is useful
• A way around the ASLR platform-level mitigation
• A way around the DEP platform-level mitigation

Microsoft suggests disabling certain services while it works on a patch. Alternately, you can use an alternative browser like Google Chrome (shown above).

"The IE team is working around the clock to develop a security update to address this vulnerability for earlier versions of the product," Microsoft stated. " However, until the update is available, customers using Internet Explorer 8 can block the current targeted attacks by introducing changes to disrupt any of the elements of the exploit."

Those changes include disabling Javascript, disabling Flash, and disabling the MS-Help protocol handler along with ensuring "Java6" is not allowed to run.

The vulnerability is not present in IE9 or IE10.

Source: http://feedproxy.google.com/~r/HotHardware/news/~3/AgWP2X0mDMQ/

Geminid meteor shower right to work Clackamas Town Center 12 12 12 Anne Hathaway Wardrobe Malfunction jennifer lawrence man of steel