Microsoft Warns Of New Zero-Day Flaw Affecting IE 6-8

Posted By: Chad Buenaflor In: PC/Laptop, Tech On: 30 Dec

Microsoft has released a bulletin stating that a new zero-day vulnerability has been discovered that could possibly affect older versions of its browser. The security flaw allows hackers to gain control of an affected Windows computer and be used to host a website. Those who are still using Internet Explorer 6 to 8 could be affected by this while those running IE 9 and 10 are immune.

According to the security advisory 2794220 of Microsoft “The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

This flaw was used on visitors of the Council of Foreign Relations website who were using older browsers. Apparently the site has been hosting the malicious code since December 21.

Microsoft has released a suggested workaround to this problem on their website. The company is also working on a patch that will fix this although the exact timeframe as to when it will be released is yet unknown.

The best way to avoid this security flaw is to update your current IE browser to the latest version, either IE9 or IE10. As an alternative you can also use other popular browsers such as Google Chrome or Mozilla Firefox.

If you really want to use the older versions of IE then security experts suggest that you disable JavaScript, disable Flash, disable the MS-help protocol handler and also making sure that Java6 does not run.