headerIMG

Apr 29, 2014 9:33:44 PM

Security warning for all versions of Internet Explorer

US-CERT - warning of security vulnerability in Internet ExplorerThe US Department of Homeland Security posted a warning of vulnerabilities in Microsoft's Internet Explorer web browser on their US-CERT website. The vulnerabilities could allow an attacker to execute an unauthorized remote code execution  on versions 6-11 of Internet Explorer. The Department of Homeland Security went as far as to urge the public to use an "alternative browser" until the bug is patched. 

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

The discovery of this vulnerability (Microsoft Advisory 2963983) is surprising since it affects every active version of Internet Explorer on every version of Microsoft's operation system.

The use-after-free vulnerability would allow for a remote code execution which could be used in phishing schemes or other exploits--including a complete take over of the affected system. An attacker who successfully takes advantage of this vulnerability could inherit the same system rights as the computer user they attack.

An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

The vulnerability was revealed to Microsoft by the cyber security firm FireEye. The vulnerability was announced on Microsoft's advisory service website on April 26, 2014.

SOURCE:

  • Microsoft Security Advisory: 2963983
  • https://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

Tel 212-993-7809  

Ironpaper ®
10 E 33rd ST 
6th Floor
New York, NY 10018
Map

Partner With Ironpaper

B2B Marketing and Growth Agency.

Grow your B2B business boldly. Ironpaper is a B2B marketing agency. We build growth engines for marketing and sales success. We power demand generation campaigns, ABM programs, create B2B content, strengthen sales enablement, and improve B2B marketing efforts.

Ironpaper Twitter Ironpaper Linkedin