Thursday, November 4, 2010

Security Alert: Internet Explorer Zero-day Attack Could Allow Remote Code Execution

Microsoft has released an advisory (2458511) about a new zero-day attack vulnerability discovered for Internet Explorer which enables remote code execution.

IE users should be aware and download the patch upon its release - which is expected in the next few hours.

According to Microsoft,
"The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."
Microsoft is continuing to monitor this vulnerability, but expects the patch to mitigate the risks involved with using IE.