Just when you thought things were starting to cool down a little after the Heartbleed Bug, Microsoft issued a security advisory on Saturday warning users of a vulnerability in its Internet Explorer web browser that could allow malicious “remote code execution.”
The vulnerability affects all versions of the browser and, as of this writing, there is no patch available to fix the issue.
Revealing the vulnerability on its website, Microsoft stated:
The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
“XP users are not safe anymore and this is the first vulnerability that will not be patched for their systems.“
FireEye, the security firm taking credit for finding the vulnerability, posted a notice on its website alerting users to the issue. “Threat actors are actively using this exploit in an ongoing campaign which we have named ‘Operation Clandestine Fox,’ reads the statement on FireEye’s website.
Security firm Symantec issued its own alert regarding the issue, highlighting the fact that Windows XP users are particularly susceptible, stating, “especially XP users are not safe anymore and this is the first vulnerability that will be not patched for their system.”
This last point is no small issue as Microsoft officially ended support for Windows XP earlier this month, which means no more security updates for the millions still using the operating system.
At present, the safest option might be to use another browser until Microsoft issues a security patch.
Read the full story on mashable.com