Microsoft warns of zero-day vulnerability affecting all IE versions
On Wednesday (12/22), Microsoft released a security bulletin describing a serious vulnerability in the IE browser that can lead to remote code execution.
The security firm VUPEN Security had already disclosed the vulnerability earlier this month. Microsoft decided to release its security bulletin after exploit code for the vulnerability was made public, and the bulletin offers recommendations for reducing the risk of attack.
According to VUPEN Security, when IE processes a web page that uses @import rules to reference a variety of CSS files, a use-after-free error occurs in the mshtml.dll library. Hackers can create a specially crafted page that triggers the vulnerability and executes arbitrary code. The issue affects IE 6, IE 7 and IE 8 on Windows XP, Windows Vista and Windows 7, among others.
Microsoft describes several possible attack paths: a hacker can set up a website designed to exploit the vulnerability, compromise a legitimate website, or embed specially crafted content in sites that accept user-uploaded content or host advertisements. Although the hacker cannot force users to visit such sites, they can lure users there, for example by getting them to click a link in an e-mail or instant message.
So far Microsoft has not received reports of the vulnerability being used in attacks and currently has no plan for an emergency update, but it has put forward recommendations to help prevent attacks.
Microsoft recommends that users on Windows Vista and Windows 7 enable IE Protected Mode. In addition, since the attack can give the attacker the same rights as the user, Microsoft also suggests running with lower user privileges and urges users not to click unknown links.