Microsoft warns of zero-day vulnerability in Internet Explorer


Microsoft warns of zero-day vulnerability in Internet Explorer

Warwick Ashford

Microsoft has issued a security advisory warning of a zero-day vulnerability in its Internet Explorer browser versions 6, 7 and 8 that could allow remote code execution.

The company said it is monitoring targeted attacks attempting to exploit this vulnerability.

"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update," the advisory said.

According to Microsoft, a security feature known as Data Execution Prevention (DEP) helps protect against attacks that result in code execution.

DEP, a feature first implemented in 2005, prevents the exploit from executing successfully, said Wolfgang Kandek, chief technology officer at security firm Qualys.

DEP is enabled by default in Internet Explorer 8 on the following Windows operating systems: Windows XP Service Pack 3, Windows Vista Service Pack 1, Windows Vista Service Pack 2, and Windows 7.

Upgrading to IE8 with DEP is highly recommended as a mitigation until Microsoft can issue a security patch, said Kandek.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy