DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
May 24, 2019 
Main Menu
News archives

Who's Online
There are currently 233 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Zero-day IE flaw also impacts Windows 7

Posted on Tuesday, September 18 2012 @ 18:39:45 CEST by

Microsoft logo
Yesterday I wrote about a zero-day security bug in Internet Explorer 7 and 8 that's being actively exploited by cybercriminals. The bug was thought to affect only these older versions of Internet Explorer, but new information points out that Internet Explorer 9 is also vulnerable, meaning Windows Vista and Windows 7 systems are also at risk of being infected.

The only version of Internet Explorer that's not vulnerable is IE10, but this browser is currently only available in the Windows 8 release previews. Microsoft investigated the issue and said it's working on a patch, but did not confirm whether it would be an out-of-cycle update. Given the high risk and the fact that the bug is already actively being exploited, it seems likely that the patch will be rolled out asap.
"We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue," blogged Yunsun Wee, director of the Microsoft Trustworthy Computing Group.
In a security advisory, Microsoft explains the bug is related to the way Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability allows attackers to corrupt memory in a way that enables the execution of arbitrary code. By serving a specially crafted website, cybercriminals can exploit the vulnerability to infect a victim's PC with malware.

Until a patch is available, Microsoft recommends the following mitigations:
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
  • Set Internet and local intranet security zone settings to "High" to block ActiveX controls and Active Scripting, and add trusted sites to the Trusted Sites zone to minimize your browsing disruption.
  • Configure IE to prompt before running Active Scripting or to disable Active Scripting in the Internet Explorer and local intranet security zones. This also affects usability, so MS recommends to add trusted sites to the Trusted Sites zone to minimize disruption.
  • Alternatively, you can also (temporarily) switch to another browser like Firefox or Chrome.



    DV Hardware - Privacy statement
    All logos and trademarks are property of their respective owner.
    The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba