A newly discovered flaw affecting several versions of Microsoft’s Internet Explorer has left a significant portion of the world’s web browsers vulnerable to attack.
Disclosed in an unusual Saturday alert from Microsoft, the flaw is being called a serious “Zero Day” vulnerability by security company FireEye, which claims it affects more than 56 percent of the world’s web browsers currently in use.
It’s a remote code execution vulnerability, which in English means a bad guy can make a target computer run software after a successful attack. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft’s alert reads. The phrase “arbitrary code” means pretty much any software that the attacker chooses to run.
In a post to its Security Response Center blog, Microsoft explains that the company has so far seen only “limited attacks” exploiting the vulnerability. It says attacks typically occur when a target has been convinced to click on a link.
FireEye, in a post of its own has declared the exploit a zero-day vulnerability, so named because they’re undisclosed or leave potential victims with zero days of warning. The company claims a gang of attackers has already launched a campaign exploiting the flaw.
Read the rest here.