Comments Subscribe to Personal Liberty News Feed Subscribe to Personal Liberty
 

Microsoft Reveals New Zero-day Vulnerability Affecting Internet Explorer

REDMOND, Wash., April 28 (UPI) — Microsoft confirmed Saturday that a new security vulnerability was affecting all versions of Internet Explorer by allowing “limited, targeted attacks.”

Microsoft said it was investigating the security glitch, which allowed for remote code execution, and affected all versions of Internet Explorer — IE 6 through 11. Currently versions 9, 10 and 11 are being attacked, according to FishEye, the research firm that alerted Microsoft to the vulnerability Friday.

The attacks are taking advantage of “use after free” vulnerability — a little known vulnerability that allows data corruption after memory has been released.The vulnerability also bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.

“The APT [advanced persistent threat] group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past,” FireEye said. “They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.”

Windows server versions that run on Internet Explorer in the default Enhanced Security Configuration are not vulnerable unless an affected site is placed in the Internet Explorer Trusted sites zone.

Microsoft said it was investigating the vulnerability and would issue an security update to address the problem.
Ananth Baliga

UPI - United Press International, Inc.

Since 1907, United Press International (UPI) has been a leading provider of critical information to media outlets, businesses, governments and researchers worldwide.

Facebook Conversations

Join the Discussion:
View Comments to “Microsoft Reveals New Zero-day Vulnerability Affecting Internet Explorer”

Comment Policy: We encourage an open discussion with a wide range of viewpoints, even extreme ones, but we will not tolerate racism, profanity or slanderous comments toward the author(s) or comment participants. Make your case passionately, but civilly. Please don't stoop to name calling. We use filters for spam protection. If your comment does not appear, it is likely because it violates the above policy or contains links or language typical of spam. We reserve the right to remove comments at our discretion.

Is there news related to personal liberty happening in your area? Contact us at newstips@personalliberty.com

Bottom
close[X]

Sign Up For Personal Liberty Digest™!

PL Badge

Welcome to PersonalLiberty.com,
America's #1 Source for Libertarian News!

To join our group of freedom-loving individuals and to get alerts as well as late-breaking conservative news from Personal Liberty Digest™...

Privacy PolicyYou can opt out at any time. We protect your information like a mother hen. We will not sell or rent your email address to anyone for any reason.