(The Hosting News) – Microsoft moved hastily on Monday to address a newly discovered vulnerability affecting its Internet Explorer 7 and 8 web browsers. According to a BBC report on Tuesday, hackers were making use of it to spread a trojan virus known as Poison Ivy.
The exploit was initially discovered recently by Eric Romang, a security specialist working for ZATAZ.com. Romang stumbled upon the vulnerability when analyzing servers used by a group called Nitro.
The emergence of a new vulnerability shortly follows a previous Zero-Day exploit, noted for affecting Oracle’s Java.
Microsoft, meanwhile, responded by signaling that it was investigating the issue. The company also emphasized that its latest version of the browser, IE 10, was not at risk.
“A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website,” said the company.
To deal with the threat, the Windows-maker said it’d look at featuring a solution via a security update.
The threat remains high with Symantec research manager Liam O Murchu telling the BBC that it remains “very difficult for people to protect themselves.”
Microsoft has routinely had to issue security updates that concern exploits allowing hackers to infiltrate user systems. In July, the company urged users to disable Windows sidebar and gadgets via a fix after it was discovered that hackers could exploit the software with arbitrary code.
|Linux and Windows VPS Hosting |
* Burstable RAM & Guaranteed CPU
* Fast RAID-10 and Teir-1 redundant bandwidth
- Hackers Disguise Trojan with Popular Proxy
- Exploit Info Leaked as Microsoft Urges Patch
- Facebook Employees Hit with Malware Exploit
- Oracle Issues Patch After Latest Java Exploit
- Security Exploit Discovered In Online Cashier Systems