While Mozilla and Google have the luxury of releasing a new version number to combat such zero-day flaws, Microsoft has to be on the lookout for such vulnerabilities in Internet Explorer.
So widespread is the company’s flagship web browser that even newly discovered flaws like these carry the potential of wreaking havoc upon computers around the globe. This is the reason why Redmond recently released a Fix It tool for this new vulnerability affecting all versions of Internet Explorer.
The technology titan also confirmed that it has had reports of attacks aimed at IE 8 and IE 9 users.
The ever-reliable Wolfgang Kandek, CTO of Qualys, has put up a new blog post explaining exactly how the cybercriminals are trying to exploit this 0-day flaw using compromised sites with JavaScript code.
He recommends that users block these pages:
“The attacker exploits the vulnerability by setting up a malicious webpage which uses JavaScript code to prepare a use-after-free condition, where previously allocated memory, whose content the attacker can control, is accessed after it has been marked as not used anymore.
The exploit depends on a Microsoft Office DLL which has been compiled without Address Space Layout Randomization (ASLR) to locate the right memory segment to attack, but this DLL is extremely common and most likely will not lower the affected population by much.”
Some of these attacks have targeted Japanese users. But this does not mean that everyone else is protected, all the more so now that the exploit is in the open.
It is a good idea to download and deploy the Fix It tool that Microsoft released as soon as possible. A dedicated patch is also expected next month on Patch Tuesday to address this key security vulnerability.