Microsoft confirms IE bug, offers a temporary fix
By siliconindia | Friday, 24 December 2010, 11:11 IST
Bangalore: Confirming the presence of an unpatched vulnerability in all versions of its Internet Explorer (IE) browser, Microsoft has issued a warning that attackers can exploit the flaw by persuading users to visit a rigged web site.
The company acknowledged that the bug could result in remote code execution. The bug affects Internet Explorer versions 6, 7 and 8. Users can be compromised if they visit a web page hosting the exploit.
Microsoft claimed that IE7 or IE8 on Windows Vista and Windows 7 are less likely to be affected by a successful attack because they have a feature called 'Protected Mode,' which prompts users before letting them install, run or modify certain operating system components.
The technical advisory released by the company states that the vulnerability exists due to the creation of uninitialized memory during a Cascading Style Sheets function within Internet Explorer.
The newly discovered bug was first disclosed by the IT security firm Vupen on December 9. A video demonstration of an attack was posted by researchers on Tuesday.
Microsoft has since introduced a temporary fix for the bug, the Enhanced Mitigation Experience Toolkit 2.0 (EMET). The company also offers instructions on how to configure this fix to prevent attacks. It is a free download available on the company's website.
The company is working on a permanent fix for the problem.