By Aaron Sims | 6 years ago
Internet Explorer versions 6 to 9 are vulnerable and versions 10 and 11 are likely to be targets of viral attacks utilizing a method called “heap feng shui.”
“The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft posted on its website. “An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
All supported Windows versions with the exception of Server Core are also prone to the attacks, while Windows Server versions on which IE is run in the default Enhanced Security Configuration are not vulnerable unless an affected site is placed in the Internet Explorer Trusted sites zone, ZDNet reports.
Research firm FireEye alerted Microsoft about the issue on Saturday and Microsoft released the security update shortly after that.
“Threat actors are actively using this exploit in an ongoing campaign which we have named ‘Operation Clandestine Fox,’” FireEye posted, adding it “will not provide campaign details … but we believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market.”
EMET (Enhanced Mitigation Experience Toolkit) can address the vulnerability, and FireEye recommends applying a Microsoft patch once it's released. Microsoft announced it was “actively working with partners in our Microsoft Active Protections Program (MAPP)” to find a solution.