Microsoft warns of zero-day vulnerability in Internet Explorer

Microsoft has issued a security advisory warning of a zero-day vulnerability in its Internet Explorer browser versions 6, 7 and 8 that could allow remote code execution.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The company said it is monitoring targeted attacks attempting to exploit this vulnerability.

"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update," the advisory said.

According to Microsoft, a security feature known as Data Execution Prevention (DEP) helps protect against attacks that result in code execution.

DEP, a feature first implemented in 2005, prevents the exploit from executing successfully, said Wolfgang Kandek, chief technology officer at security firm Qualys.

DEP is enabled by default in Internet Explorer 8 on the following Windows operating systems: Windows XP Service Pack 3, Windows Vista Service Pack 1, Windows Vista Service Pack 2, and Windows 7.

Upgrading to IE8 with DEP is highly recommended as a mitigation until Microsoft can issue a security patch, said Kandek.