Minggu, 30 Desember 2012
Hackers have found yet another security flaw in Internet Explorer that would allow them to install malicious software on vulnerable computers.
Security company FireEye reports that the issue was discovered after the Council on Foreign Relations website got hacked, as the page was specifically compromised to exploit the flaw.
The attacks are made via Adobe Flash on a fully-patched computer running Internet Explorer 8, the security vendor said.
Rapid7 urged IE users to ditch the browser and rely on a rival's application.
"Since Microsoft has not released a patch for this vulnerability yet, users are strongly advised to switch to other browsers, such as [Google's] Chrome or [Mozilla's] Firefox, until a security update becomes available," Rapid7 advised in a Monday post to its Metasploit blog.
HD Moore, chief security officer at Rapid7 and creator of Metasploit, said he and his team had not yet tested IE10 on Windows 8. That testing is next on his to-do list. "But I would guess 'Yes,' that it can be exploited," Moore said in an interview today.
Microsoft has already confirmed that it�s investigating the issue, but has explained that IE9 and IE10 are not affected by the flaw.
�We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8. We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted,� Dustin Childs, group manager for response communications at Microsoft, told KrebsonSecurity.
Rating: 4.5
Reviewer: Unknown
ItemReviewed: Hackers Find Zero-Day Vulnerability in Internet Explorer
