comScore

Internet Explorer Flaw Big Enough for Microsoft to Issue Warning

Microsoft isn’t one to readily admit that they’re dealing with a major security flaw, in that they’re not going to publicize the fact. To be fair, most technology companies aren’t often the ones that come forward with potential exploits. Someone, or some group, usually has to first do some damage before these loopholes get closed with any speed. A major exploit that works across operating systems? Well, that’s another story. Microsoft has already responded to the latest critical exploit found in Internet Explorer 6, 7, 8, and 9, but the help provided might not do much.

This is the issue according to the security advisory released by Microsoft:

A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

That doesn’t really address the biggest concern with this exploit, however. According to Ars Technica, Internet Explorer was exploited using this particular maneuver on Windows XP, Windows Vista, and Windows 7. A vulnerability being used like this across multiple browser versions and operating systems is rare, but could cause major issues.

Microsoft’s recommended course of action? Download the Enhanced Mitigation Experience Toolkit. Our recommendation? Avoid the whole possibility by using a different browser.

(Microsoft via Ars Technica, image via Simon Bisson)

Relevant to your interests

Have a tip we should know? tips@themarysue.com

Filed Under:

Follow The Mary Sue: