An unpatched exploit in Microsoft’s Internet Explorer is being used in online attacks. The attack comes from what’s known as a web drive-by in which a user visits a webpage that contains the attack code.
The attack allows criminals to access users browsers and web apps without their permission or knowledge. Microsoft yet to release an update to fix the flaw which lies in IE’s MTHML parsing software, even though the vulnerability was published two months ago. The flaw allows for code injection, which means that once an attacker gains access they can run their own code on the targeted machine.
Google and Microsoft recommend downloading the fixit tool until an official patch is released. You can download it here.
No one is saying who is being targeted or why, could be robots, could be WATSON gone rouge, could be people stealing credit card info. So for the time being you should download the patch, just to be on the safe side.
No comments:
Post a Comment