Critical zero-day endangers all versions of Internet Explorer — and XP isn’t getting a fix

According to a confirmation by Microsoft late last night, a new zero day vulnerability has been found to affect every version of Internet Explorer. In other words—over a quarter of the entire browser market.

Attacks taking advantage of the vulnerability are largely targeting IE versions 9, 10, and 11 in something called a “use after free” attack. Essentially, the attack corrupts data as soon as memory has been released, most likely after users have been lured to phony websites. Microsoft explains:

The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Microsoft is currently investigating the issue and will likely release an out-of-cycle security patch to take care of the problem. Let’s just hope it comes soon, because according to security firm Fire Eye, this means that about 26 percent of the entire browser market is at risk.

Advertisements

One thought on “Critical zero-day endangers all versions of Internet Explorer — and XP isn’t getting a fix

  1. My Hotmail has not worked for quite some time .A company looked at it for free they said ,but I ended up paying 299 dollars they said they worked with Microsoft to fix problems .I’m suppose to have lifetime fixes from Microsoft ,but they have not even found .it,s not the money .I have 2 years tech support .I just didn’t get a contract about the lifetime support from MS.Oh yes, I also have an XP with all the up grades. I use it very seldom because it is not supported now. Thanks Microsoft. It still works great.
    I’m sending the repair bill to Microsoft
    To many problems over the years
    Think it is about time for class Action Suit.
    See what other people think.
    One more thing. ass##les that were screwing up my system were in some other country

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s