Microsoft Rushes Fix For Exploited Internet Explorer Flaw

Microsoft has been forced to push out a workaround solution for a flaw in Internet Explorer, which has been exploited in the wild.

Reports have indicated attacks saw Internet Explorer 8 and 9 users directed to a site serving up malicious content.

Internet Explorer attacks

“There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type,” Microsoft said in an advisory.

“This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message.

“We also encourage customers to exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders.”

Microsoft has recommended applying its Fix It solution, which can be found here.

It also suggested turning Internet and local intranet security zone settings to ‘High’ to block ActiveX Controls and Active Scripting. This will affect usability, said Microsoft, but will prevent the attackers’ exploit code from running.

Users could also activate prompts before running Active Scripting, or disable Active Scripting altogether.

Microsoft has had a troubled month in security. It had problems with a slew of fixes as updates were listed as still required even after installation. The company had to pull another buggy update entirely.

How much do you know about information security? Try our quiz and find out!