Microsoft have issued a security warning covering versions of Internet Explorer from 6 through to 11.
An attacker who successfully exploits the vulnerability could gain the same user rights as the current user.
Like most potential exploits in IE, it is a memory access issue, specifically one that corrupts areas of memory, ultimately allowing the execution of arbitrary code in the context of the current user within Internet Explorer.
For the attack to succeed, the user must directly visit a webpage containing the exploit. The user would need to be convinced to visit the site, perhaps via an email link or an advert on another web page.
The best line of defence for IE users is always to be vigilant and not click on any links which seem suspicious or which come from users you do not normally communicate with. In addition, having good anti-malware tools and keeping security and software updates up to date is important.
See the complete Security Advisory 2963983 from Microsoft for details.
Microsoft have yet to release a fix. They will also be faced with the dilemma of what to do with Windows XP and IE8.
XP reached end of life a few weeks ago and there will be no further updates; however, will Microsoft roll out the fix for IE on XP? Given that the exploit appears to be in IE, I guess they will update all versions of Internet Explorer, regardless of platform.