Post by sherlew99 on Apr 27, 2014 22:23:14 GMT -6
Microsoft acknowledges "in the wild" Internet Explorer zero-day
by Paul Ducklin on April 27, 2014
An "in the wild" exploit has been spotted that can cause RCE, or remote code execution, in Internet Explorer.
RCE means a drive-by install, where simply looking at booby-trapped content such as a web page or image file can trick IE into launching executable code sent from outside your network.
There won't be any obvious warning signs, or "Danger, Will Robinson!" dialog boxes.
So, armed with an RCE exploit, a crook may be able to sneak malware onto your computer even if you don't take any obvious risks such as opening a suspicious attachment or agreeing to download a dubious-sounding file.
There is no patch yet [2014-04-27T21:20Z], so a simple trip to Windows Update won't help.
But the good news is that the attacks seen in the wild so far seem to have relied on hitting IE 9, 10 and 11, using Adobe Flash as a lever.
by Paul Ducklin on April 27, 2014
An "in the wild" exploit has been spotted that can cause RCE, or remote code execution, in Internet Explorer.
RCE means a drive-by install, where simply looking at booby-trapped content such as a web page or image file can trick IE into launching executable code sent from outside your network.
There won't be any obvious warning signs, or "Danger, Will Robinson!" dialog boxes.
So, armed with an RCE exploit, a crook may be able to sneak malware onto your computer even if you don't take any obvious risks such as opening a suspicious attachment or agreeing to download a dubious-sounding file.
There is no patch yet [2014-04-27T21:20Z], so a simple trip to Windows Update won't help.
But the good news is that the attacks seen in the wild so far seem to have relied on hitting IE 9, 10 and 11, using Adobe Flash as a lever.
Click here for more including a few tricks which can help keep your computer secure.
