A few days ago we told you about a critical vulnerability found in older versions of Internet Explorer and allows cybercriminals to control the computer remotely. The danger of this threat is already known cases of successful operations, but for now it appears that it is targeted attacks seeking a specific goal. Microsoftlast week released a security bulletin explaining the different ways you can defend a user, including a patch called “Fix it” already used for a previous vulnerability found in September. However, security experts have reported that can take less than a day disable this patch and make a successful attack.
The vice president of Exodus Intelligence confirmed this in a statement to TechWeekEurope , and again urge Microsoft to launch a more stable security solution to address this problem, taking into account the number of users who are still using older versions of Internet Explorer ( especially in companies where the upgrade process is usually delayed for any inconvenience it generates). Remember that the hole in question affects versions Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 , so the recommended solution if you want to use this browser is upgrade to the latest version and avoid any kind of problem related with this culnerabilidad.
During these days have been revealing more details on this hole, causing a memory corruption in the browser. When the user visits an infected website (until now has sought specific pages and infect very specific what to think invites an attack, and infections have been found only in the United States and Canada), the browser looks for a part of the memory to keep running that does not exist or has been moved, and this error cybercriminals find the door to execute code remotely.
The first target of cybercriminals known was the product of the Council of Public Relations of the United States (it seems that infection of the page began in early December), and this infection was also found in the page of a U.S. manufacturer of microturbines . So, the shadow of a new attack is very obvious political reasons, and could be a new chapter in the emergence of new cyber weapons. Remember that the first great exponent of this batch of weapons of the future was Stuxnet , a Trojan factories directed against Iran’s enriched uranium (the Trojan estimated two years has succeeded in delaying the Iranian nuclear program).
However, the danger of the vulnerability of Internet Explorer for other users is to be published on the web the way that cybercriminals can exploit this hole, so the attack could quickly expander. Microsoft has not given a specific date on which the final patch release (in fact, not on your list of security bulletins for next Tuesday’s monthly update). Again, the advice is clear in this case update your browser or use an alternative like Google Chrome or Firefox as long as this threat.