Microsoft Alerts Zero Day Attack; Discloses Patch to Solve Issue

January 1, 2013, By Sanjeev Ramachandran

On 29th December, Microsoft confirmed that their IE 6, 7 and 8 will most probably be the target of zero-day vulnerability that is being used by attackers to hijack victims’ Windows computers. MS assured that they will dedicate themselves to release the patch asap.

Fortunately, they have come up a patch and therefore the new year will be having a safe start after all. A zero-day attack is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on ‘day zero’ of awareness of the vulnerability.

This means that the developers have had zero days to address and patch the vulnerability. In a security advisory issued on Dec. 29, Microsoft acknowledged that attacks are taking place.

internetexplorersecurity

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8,” the alert stated. According to MS, the newer versions of IE, including 2011’s IE9 and this year’s IE10 are not affected.

The company urged the users to upgrade if they are able to do so. According to multiple security firms, the vulnerability was used by hackers to exploit Windows PCs whose owners visited the website of the Council on Foreign Relations (CFR), a non-partisan foreign policy think tank with offices in New York and Washington, D.C.

© 2008-2012 DeviceMag.com - All rights reserved | Privacy Policy