Following the disclosure of a potential vulnerability in Microsoft’s Internet Explorer browser by a computer security firm, security research team of the company is rushing to fix the bug in quick time. Some reports suggests that a handful of hackers have already started exploiting the vulnerability in attacks on some U.S. companies.
Microsoft Security Advisory 2963983 provides general information about the vulnerability.
An advisory 2963983 about the nasty flaw issued by the software-giant outlined the vulnerability could allow a hacker to take complete control of an affected system, then do things such as viewing changing, or deleting data, installing malicious programs, or creating accounts that would give hackers full user rights.
Which versions of browsers are at risk? Internet Explorer 6 through 11 are all at risk, on all current versions of Windows from Vista to 8 and Windows Server 2003 to 2012 R2. The bug is likely to be present in IE on Windows XP but the operating system is no longer supported.
“It’s a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors,” FireEye spokesman Vitor De Souza said via email. “It’s unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.”
FireEye, the firm that discovered the threat didn’t divulge much details citing ‘investigation into the matter is still active’ as the primary reason.
Microsoft suggests a few other workarounds, such as switching on IE’s Enhanced Protected Mode or setting security levels to “High” to stop ActiveX controls and Active Scripting working. The company failed to report when a patch would arrive, but has hat-tipped FireEye for helping it to find the flaw.
There are a number of excellent browsers available for free totally free and without Bing bias. Users can switch to these browsers until the patch is made available. For more information, read the Security Advisory 2963983