Microsoft troubled by Internet Explorer security flaw
The US software company said that the coding problem affected all versions from six to 11 of its flagship browser, noting it was aware of "limited,targeted attacks" taking advantage of the newly discovered flaw.
Microsoft says that an attacker who successfully exploits the vulnerability could gain the same user rights as the official user.
"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer," Microsoft said on its security website.
"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
Cybersecurity firm FireEye, which took credit for identifying the flaw, said hackers were exploiting the bug in a campaign nicknamed "Operation Clandestine Fox."
Users still relying on Windows XP could be especially vulnerable because Microsoft stopped supporting the older operating system with security patches and other software updates earlier this month.
The flaw follows the discovery of the "Heartbleed" flaw in Internet security and led to thousands of people, from website operators and bank officials to casual Internet surfers and governments, being told their data could be in danger.
Heartbleed allowed hackers to snatch packets of data from working memory in computers, creating the potential for them to steal passwords, encryption keys, or other valuable information.
Source: AFP via I-Net Bridge
Source: I-Net Bridge
For more than two decades, I-Net Bridge has been one of South Africa’s preferred electronic providers of innovative solutions, data of the highest calibre, reliable platforms and excellent supporting systems. Our products include workstations, web applications and data feeds packaged with in-depth news and powerful analytical tools empowering clients to make meaningful decisions.
We pride ourselves on our wide variety of in-house skills, encompassing multiple platforms and applications. These skills enable us to not only function as a first class facility, but also design, implement and support all our client needs at a level that confirms I-Net Bridge a leader in its field.
Go to: http://www.inet.co.za