The Hacker News

on Wednesday, 18 September 2013
 

 

The Hacker News
The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers // via fulltextrssfeed.com

Microsoft issues Emergency Fix for Internet Explorer zero-day exploit
9/18/2013 2:26:00 PM

All supported versions of Internet Explorer are vulnerable to a zero-day Exploit that is currently being exploited in targeted attacks against IE 8 and IE 9, dubbed "CVE-2013-3893 MSHTML Shim Workaround".

Microsoft confirmed that the flaw was unknown before the attacks and that it is already working on an official patch, meantime Microsoft released an emergency software fix for Internet Explorer (IE) Web browser.
Advisory noted that Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer.

This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. Victims could be infected despite the adoption of all necessary countermeasures due the nature of the flaw previously unknown.

The flaw that has been recently targeted by hackers during attacks is considerable serious and complicated to fix. State-sponsored hacking groups are often willing to pay hundreds of thousands of dollars for zero-day vulnerabilities in widely used software such as Internet Explorer.

In the specific case if the attacker successfully exploited the zero-day vulnerability could gain the same user rights as the current user, due this reason MS confirmed that whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft's advisory also says that EMET (the Enhanced Mitigation Experience Toolkit) may be used to mitigate against the vulnerability.

Author details

photo

is Company Director, Researcher, Security Evangelist, Security Analyst and Freelance Writer. Security expert with over 20 years experience in the field. The passion for writing and a strong belief that security is founded on sharing and awareness led me to found the security blog 'Security Affairs' He is also Author of the book "The Deep Dark Web". Follow him @ Facebook | | | Twitter

Latest Hacking News Updates

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)