On April 26, 2014, Microsoft has officially confirmed a new zero-day vulnerability that affects all versions of its popular Internet Explorer browser. There is currently no fix as Microsoft is investigating and creating a patch. We recommend switching to another browser to prevent any attacks.

How does it work?

FireEye Research labs identified the vulnerability and determined it bypasses both Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) techniques. The attack exploits something called a 'use after free' attack and seems to originate in Flash operations. Microsoft explains it as:

"The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."

In plain speak it means that an attacker can force a computer to run software after successfully infiltrating it.

Who is at risk?

It is limited to only the Internet Explorer web browser, however it affects all versions 6 through 11. This leaves half of the world's browser market in potential danger.

How widespread is it?

Microsoft says they have seen only “limited attacks” exploiting the vulnerability so far. They also say attacks occur normally when a someone has been convinced to click on a link. They are currently investigating and will likely release a security patch to take care of the issue. Windows XP users, however, will not be getting a patch as Microsoft officially ended support for the operating system on April 8, 2014.

How do I fix it?

For those who use the Internet Explorer browser there is no current fix as Microsoft has yet to release a patch. You can, however simply switch to other browsers such as Chrome, or FireFox, or even Opera to prevent any attacks.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Like this Article?

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!