Security Corner

Apr 28 2014   5:23PM GMT

Stop using Internet Explorer – for now

Ken Harthun Ken Harthun Profile: Ken Harthun

Tags:
Security

Stop using Internet Explorer and switch to an alternative browser immediately. Microsoft just announced a zero-day vulnerability in Internet Explorer that is being actively exploited in targeted attacks; they have not yet issued a fix. All versions of IE are affected.

According to security firm FireEye, the attack, dubbed “Clandestine Fox,” is a remote code execution vulnerability. The Microsoft security advisory, CVE-2014-1776 says this:

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

This means that you don’t have to do anything at all except visit a poisoned website to be affected. There is no patch, but Microsoft is recommending that Internet Explorer users install its free Enhanced Mitigation Experience Toolkit (EMET) to harden security of Windows systems.

I recommend you stay away from IE entirely and run an alternative browser.

Be on the lookout for an out-of-band patch from Redmond.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: