Experts from Microsoft and Symantec found on the web a malicious website could exploit a previously unknown bug in Internet Explorer. The vulnerability exists in IE6 to IE8, affecting all supported versions of the browser. No information about Internet Explorer 9, he is still in testing phase (beta).
Information about the attacks are still very limited. Microsoft says Protected Mode is enabled by default in IE7 and IE8, is able to reduce the impact of failure, because it reduces the actions that a criminal can do on the PC. The use of the Data Execution Prevention (DEP) can prevent their exploitation.
The DEP is enabled by default in Internet Explorer 8, but not in earlier versions of the browser. Users of earlier versions of the browser page can access the Microsoft website to download a program that activates the feature.
Information about the attacks are still very limited. Microsoft says Protected Mode is enabled by default in IE7 and IE8, is able to reduce the impact of failure, because it reduces the actions that a criminal can do on the PC. The use of the Data Execution Prevention (DEP) can prevent their exploitation.
The DEP is enabled by default in Internet Explorer 8, but not in earlier versions of the browser. Users of earlier versions of the browser page can access the Microsoft website to download a program that activates the feature.
The company also said on page alert, the security tool EMET is able to protect Internet Explorer against the exploitation of the flaw.
A vulnerable user to visit a malicious web page will be immediately infected with viruses that are desired by criminals. The only page that exploited the problem is already off the air, however, and the code has not been published, which for now must prevent widespread attacks happen.
A fix to the problem is being created. The November monthly updates must arrive in 9 days, but it is unclear whether Microsoft will release a fix already, if will release an emergency fix and "out of hours later", or if you wait until the next update package, the Dec. 14.
A vulnerable user to visit a malicious web page will be immediately infected with viruses that are desired by criminals. The only page that exploited the problem is already off the air, however, and the code has not been published, which for now must prevent widespread attacks happen.
A fix to the problem is being created. The November monthly updates must arrive in 9 days, but it is unclear whether Microsoft will release a fix already, if will release an emergency fix and "out of hours later", or if you wait until the next update package, the Dec. 14.
No comments:
Post a Comment