Monday, December 31, 2012

Microsoft warned about vulnerabilities in Internet Explorer

Microsoft in the past weekend reported the discovery of a serious vulnerability in the browser Internet Explorer.

According to the corporation, vulnerability affects versions of IE 6, 7 and 8, where the vulnerability is already in operation on the Internet and potential attackers can now use it. The company said that working hard as soon as possible to release a fix.

In addition, the company's engineers have proposed a temporary maneuver, can significantly reduce the likelihood of execution attacks. In a statement from Microsoft on December 29, said the company is aware of cases in targeted attacks on computers using a browser up to version IE8. Newer versions borauzera, including IE9 and 10 is not affected, however, and for these people the company is also preparing an update to fix a potentially dangerous element.

According to several IT companies, hackers have posted an exploit on the site of the American non-partisan organization Council on Foreign Relations in New York and Washington. So, last Friday the company FireEye reported that the site was compromised and the CFR on it a code, which in closed forums has been fixed on December 21. Code itself initiates an attack like drive-by.

Darien Kindlund, Senior Research FireEye says CFR site uses Flash Player and a special code is embedded in the video. At present it is unclear whether the Flash Player vulnerability itself or is it a pure browser-based vulnerabilities.

On Saturday, the company AlientVault specified that the code is able to bypass the proprietary technology of Microsoft DEP (data execution prevention) and ASLR (address space layout randomization), successfully attack Windows XP and Windows 7. Also in AlientVault warned that already warned of malicious code to Microsoft Security Response Center.

No comments:

Post a Comment