Microsoft Confirms Internet Explorer Vulnerability [Security]
Microsoft has confirmed a vulnerability in several Internet Explorer versions which has supposedly been used in the Chinese attack against Google and other companies. The vulnerability exists in Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 but the attacks seem to have been only targeting Internet Explorer 6 systems according to information posted in the vulnerability description at the Microsoft website.
The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
Microsoft is currently working on a patch to fix the vulnerability with the likelihood that the patch will be released out of their usual patch cycle as an emergency patch.
The patch confirmation page lists several mitigating factors but the safest option right now is to switch to a different web browser at least for as long as no patch is provided to protect the computer system from the vulnerability.
Incoming Terms: internet explorer versions, internet explorer 7, internet explorer 8, internet explorer vulnerability, vulnerability description, invalid pointer, emergency patch, code execution, explorer 6 internet, microsoft website, google, mitigating factors, remote code execution microsoft, computer system, likelihood, web browser, confirmation, microsoft, vyprvpn vyprvpn iphone s max preview button three steps open windows technology companies vyprvpn iphone
