Sunday, 30 December 2012

IE flaw may allow Windows PCs to be hijacked, Microsoft warns

Zero-day vulnerability affects versions of the Web browser from IE 6 through IE 8 but not later versions, the company says in a security advisory.

Microsoft has confirmed that a zero-day vulnerability affecting older versions of Internet Explorer could allow attackers to gain control of Windows-based computers to host malicious Web sites.
The company acknowledged the issue in asecurity advisory yesterday that included advice on how users can mitigate the threat posed by the flaw.
Internet Explorer"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability throughInternet Explorer 8," Microsoft said, noting that more recent versions of the Web browser, including IE 9 and IE 10, were unaffected.
The remote code execution vulnerability affects the way the browser accesses memory, allowing an attacker to use the corrupted PC to host a Web site designed to exploit the vulnerability with other users.
 In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

"We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability," Kindlund wrote.The flaw has reportedly been used to exploit Windows PC users who visited the Web site for the Council on Foreign Relations, a nonpartisan think tank specializing in U.S. foreign policy and international affairs. The site has been hosting the malicious code since at least December 21, Darien Kindlund, senior staff scientist at security advisor FireEye,wrote in a blog Friday.

Web Designing Karachi hosting packages Web Designing e-commerce CMS website designing karachi Web Designing Pakistan Website Design Website Designing Web Hosting Web Design floor levelling Polished concrete sydney epoxy coatings glue removal concrete repairs concrete coatingsAtta ur rehman Architectural Walkthrough Architectural Visualization Architectural Rendering 3D Animation Product Animation 3D Modeling Corporate Presentation 3D Images Real Estate Publicity Multimedia Presentation umrah packages cheap umrah packages cheap Umrah tickets cheap Umrah flights umrah flights umrah tickets flights to Umrah cheap flight to jeddah flights to jeddah umrah jeddah flights umrah flights from London cheap flights to umrah

No comments:

Post a Comment