According to a statement released on Microsoft’s website, the vulnerability has already been exploited: the company acknowledged “limited, targeted attacks” against some of the browser versions. The vulnerability affects Internet Explorer versions 6 through 11.
This new cyber security exposure comes on the heels of the Heartbleed vulnerability earlier this month, adding to the impression that software and cyber security issues are becoming increasingly prominent.
The flaw has been identified as a remote code execution vulnerability. It may corrupt memory in a way that allows an attacker to execute arbitrary code as the current Internet Explorer user.
By hosting a specially crafted website and convincing a user to view it, the attacker can exploit the vulnerability. This creates a platform for “phishing”, in which information is gathered from targeted victims through social engineering.
A successful attacker may gain the same user rights as the current user, and if that user is logged on with administrative rights, this gives the attacker control of the system. The consequences can include viewing private information, deleting or changing data, and installing programs.
No information has been provided on the areas or geographical regions most affected by this vulnerability, although concern is widespread given IE’s huge market presence. According to statistics on Zimbabwean internet usage, Internet Explorer is the second most popular browser on the local market, with a 29.24% share in the year ending March 2014.
Microsoft has pledged to take the necessary action to protect its customers once it concludes its investigation, which might include a solution delivered through security product releases. Windows XP users remain exposed, as support for the OS has been terminated. In the meantime, Microsoft has suggested enabling Enhanced Protected Mode for IE 11 on Windows 7 for x64-based systems as well as Windows 8.
The other solutions offered by Microsoft include installing the free EMET (Enhanced Mitigation Experience Toolkit) security tool, adjusting security settings and disabling Active Scripting. Then again, it could just be easier to switch to another browser.