Microsoft issued another warning today only a short while after the Heart bleed bug was identified. This latest vulnerability is present in all versions of Internet Explorer from 6 through to 11 and could allow for the remote execution of code.
Microsoft wrote: “The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.”
This can be done by creating a website in a specific way containing code. The hard part would be to convince people to visit the site; although seeing as this is barely traceable it could previously have passed most firewalls site checkers. Microsoft is advising all users to run an enabled firewall, apply all software updates and install anti-software.
The risk is lower on iterations of Windows Server software, as for the most part they run in a restricted mode known as Enhanced Security Configuration which will reduce but not prevent the risk of infection.
Microsoft is working to fix this issue but there is no suggestion of when this will be, it has advised that a solution may be provided either through its monthly security update release or via an out-of-cycle security update so keep an eye out for windows updates.
See also: Heartbleed Attack wages war on the Web – Minecraft Hit!
Those of you still running Windows XP will not receive these updates as support for it ran out last month, there is no way around this short of updating to a newer operating system. It’s probably just a poorly timed coincidence though.
I tried to put this issue in the simplest terms I could, I couldn’t so I asked someone else. “There’s an issue with the way Internet Explorer sends data to your PC, this allows someone to run a code in the ram that allocates itself in a way that can’t be deleted. They can then use this to execute other commands on your PC.” He couldn’t either.
It is unlikely to be present on anything other than illegitimate sites so don’t follow links in odd looking emails or click on ads, usual stuff for staying safe on the web and you should be fine. Other browsers appear unaffected so you could always switch to one of their competitors.