Microsoft issues fix for older versions of IE - saucierdring1986

Microsoft has released a intelligent fix for a vulnerability in older versions of its Cyberspace Explorer browser that is actively being used by attackers to take over computers.

The vulnerability affects IE versions 6, 7 and 8. The latest versions of the browser, 9 and 10, are not elocutionary. The company occasionally issues flying fixes as a temporary protective quantity piece a permanent security update is developed if a vulnerability is thoughtful particularly dangerous.

Microsoft issued an advisory on Saturday exemplary of the trouble, which involves how IE accesses "an object in memory that has been deleted Oregon has not been properly allocated." The problem corrupts the browser's memory, allowing attackers to execute their own code.

The vulnerability can glucinium exploited by manipulating a website ready to attack vulnerable browsers, one of the almost dangerous types of attacks illustrious A a drive-aside download. Victims merely take to sojourn the tampered site in order for their computer to become infective. To be successful, the hacker would have to lure the person to the harmful website, which is usually done by sending a malicious tie in via email.

Protection vendor Symantec represented such a scenario American Samoa a "tearing jam" attack, where victims are profiled and then lured to the despiteful site. Last week, one of the websites revealed to cause been rigged to delivered an attack was that of the Council connected Nonnative Dealings, a reknowned abroad policy think tank.

The attack delivers a piece of malware nicknamed Bifrose, a malware family first detected around 2004. Bifrose is a "backdoor" that allows an attacker to buy files from a computer. Symantec wrote that the attacks using the IE exposure appear to follow minor and concentrated in North America, indicating a targeted attack campaign.

Since the attacks already under way before the vulnerability was ascertained, Symantec aforesaid it "suggests a lofty degree of sophistication requiring access to resources and skills which would commonly make up outside most hackers capabilities."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk