Microsoft has recently discovered a new security flaw in Internet Explorer, confirming that it's indeed aware of a limited number of attacks based on malicious websites.
This new zero-day flaw affects all but two Internet Explorer versions on the market, with Microsoft claiming that Internet Explorer 10 and 11, which are offered as part of its modern operating systems Windows 8 and 8.1, are both protected against the attacks.
“Our initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, will help protect against this potential risk,” Microsoft said in a security advisory rolled out this morning.
“We also encourage you to follow the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software.”
The software giant explains that in order to successfully exploit the security flaw, an attacker needs to convince a user running any of the vulnerable versions of the browser to load a website that was previously compromised with malware specifically designed to exploit the issue.
“The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website,” it noted.
The company says that it's still looking into the flaw, but once its investigation comes to an end, a patch to correct the flaw and keep users of all Internet Explorer versions on the safe side is very likely to be released.
“On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs,” it said.
As usual, Microsoft recommends that users upgrade to newer versions of Internet Explorer that are protected against the flaw, and also avoid clicking on suspicious links coming from unknown sources.
Running full-time anti-virus protection could also help, provided the security vendor ships virus definitions that block the malware. If you're still on Windows XP, you are strongly advised to either stop using Internet Explorer or move to Windows 7 or Windows 8.1.