Microsoft has released a temporary update that patches a security flaw attackers are actively exploiting to hack Internet Explorer users.
The Fix it plugs a hole in all supported versions of Internet Explorer, even though there are "only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9," Dustin Childs, a group manager for communications in Microsoft's Trustworthy Computing group, wrote in an advisory posted Tuesday morning. "This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type," he added.
In a separate advisory, Microsoft officials added: "The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."
There were no details about the targeted attacks immediately available. Out of an abundance of caution, readers are advised to install the Fix it, particularly if they use Internet Explorer regularly to browse websites. Microsoft is still investigating the attacks and will likely issue a formal update once the investigation is completed.
reader comments
19