CHIEF DIGITAL OFFICER

64K RAM SYSTEM | 38911 BASIC BYTES FREE


Microsoft reveals hole in IE, urges people to update their browsers —

Internet Explorer

Microsoft announced over the weekend that it is fixing a vulnerability in its Internet Explorer browser that could allow hackers to take over your PC.

“An attacker who successfully exploited this vulnerability could gain the same user rights as the current use,” the company explained in its security advisory. “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

The exploit only affects those Windows PC owners using Internet Explorer users who are running IE 6, 7, or 8 and takes advantage of Adobe Flash, “to generate a heap spray attack against Internet Explorer version 8.0,” according to security researchers at FireEye. A heap spray attack helps hackers insert their malicious code on a system, but must be paired with an existing security hole, such as the one in Internet Explorer, that gives them their point of entry into the targeted system.

Furthermore, victims are hit with the attack when they visit a website that is (sometimes unknowingly) hosting malicious code. In this case, a number of security firms including FireEye and AlienVault, note that the Council on Foreign Relations website was being used to infect anyone who visited it. FireEye says it first heard the CFR website was compromised on December 27, but according to its researchers, the site could have been infected as early as December 21.

Computerworld explains that the hackers are able to look at a specific group of people, or individuals, and target the attack to them by watching what websites they frequent. Whether the criminals wanted to attack specifically people who are interested in the CFR is unknown.

Microsoft says it is currently working on a fix and urges people to update their browsers to the most recent version of Internet Explorer. Keeping your systems up to date is one of our security resolutions for 2013. You can also use Qualys’ browser checker to make sure any plug-ins and your browser are up to date.

Depending on “customer needs” the fix may come in its regular batch of updates to IE, or in a separate, emergency patch.

Internet Explorer image via evil nickname/Flickr

 

Filed under: Security

Categorised as: Chief Digital Officer | Digital Media | Feedster

Comments are disabled on this post

Comments are closed.