Microsoft has finally issued a security advisory addressing the IE zero-day that has been recently actively exploited in attacks in the wild, and has followed with a Fix it tool to temporarily mitigate the issue until a patch is released. This zero-day is a remote code execution vulnerability, which may corrupt memory and allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. The vulnerability is easily triggered, and requires the targets to simply visit a specially crafted website hosting the exploit, or websites that accept or host user-provided content or advertisements that could exploit the vulnerability. It’s only a matter of luring users to such a site. <more>
Menu