U.S. Government: STOP USING INTERNET EXPLORER

3

Advertisement

InternetExplorerLogoThe United States Computer Emergency Readiness Team (US-CERT) is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.

Thank you for reading this post, don't forget to subscribe!

US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available.

Note that this vulnerability is being exploited in the wild. Although no Adobe Flash vulnerability appears to be at play here, the Internet Explorer vulnerability is used to corrupt Flash content in a way that allows ASLR to be bypassed via a memory address leak. This is made possible with Internet Explorer because Flash runs within the same process space as the browser. Note that exploitation without the use of Flash may be possible.

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code.

We are currently unaware of a practical solution to this problem.

Read more in the full article here.

About Post Author

(Visited 11 times, 1 visits today)

Verified by MonsterInsights