Microsoft IE Hit With New Zero Day Attack
Despite the efforts of Microsoft and independent security researchers at hunting down Internet Explorer security flaws, a previously unknown IE bug has appeared in the wild and is being used actively to hijack Windows systems, researchers said on Monday.
The flaw is in IE’s vector markup language (VML), according to security firm Sunbelt Software, which has spotted an exploit popping up on several Russian-hosted porn websites.
"Our security research team has observed a new zero day exploit being used to infect systems," said Eric Sites, Sunbelt’s vice president of R&D, on a company blog.
The vulnerability affects Windows and IE 6 with all patches applied, Sites said.
"The exploit uses a bug in VML in Internet Explorer to overflow a buffer and inject shellcode," he wrote. "It is currently on and off again at a number of sites."
The exploit in circulation installs spyware and attempts to hijack systems to be used in botnets, according to researchers. Sites said research is ongoing, and that Microsoft had been informed of the issue.
Users can mitigate the problem by turning off JavaScript, according to Sites.
-Matthew Broersma, Techworld.com (London)
Related Links:
- Code Posted for New Microsoft IE Attack
- Microsoft Patches Same Explorer Hole for Third Time
- Microsoft Expects to Release Only 3 Patches in Sept.
This article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in.
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.
$firstKeyword
Receive the latest security news as it breaks.
