What happens is that the attack can corrupt data after an event such as a user being lured to a phony website. According to Microsoft Security Advisory 2963983:
“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
Of course, upon discovery of the new vulnerability, Microsoft has been rushing to fix the bug. In the same Security Advisory, Microsoft declares that this “may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs”.
Needless to say, users who are still on Windows XP will not be receiving any help on this matter. One simple fix for these users? Use another Internet browser.
On the bright side, individual users may not have that much to worry about, as it seems that the attacks are being carried out against U.S.-based firms in the defense and financial sectors, according to FireEye spokesman Vitor De Souza.
Still, one cannot be too careful when it comes to online security, and you never know just what the hackers might have in the pipeline. There’s no word yet as to when a fix will be released, but with such a serious bug, Microsoft should be rather fast with this.