Patches Available for Recent Internet Explorer Vulnerability (10/8/2013)
An exploit has been circulating that takes advantage of vulnerabilities in Internet Explorer versions 6 through 11. There are reports (and Microsoft has acknowledged) that this vulnerability is being exploited in the wild against Internet Explorer versions 8 and 9. Microsoft released software patches on October 8, 2013.
The update is designated KB2879017. ISC strongly suggests that all users of Internet Explorer patch as soon as possible.
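To confirm that the update is recorded on a machine, the following PowerShell function can be run locally or against a list of hosts. It is an added example, not part of the ISC advisory; the function name `Test-IEPatch` and any host names passed to it are assumptions.

```powershell
# Added example: report whether KB2879017 is recorded as installed.
# Test-IEPatch is a hypothetical helper name; host names come from your own inventory.
function Test-IEPatch {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$HotFixId = 'KB2879017'
    )

    foreach ($computer in $ComputerName) {
        $status = 'Missing'
        try {
            # Fetch the full hotfix list so that an unreachable host (which
            # raises an error) is not confused with a host lacking the update.
            $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop
            $match = $installed | Where-Object { $_.HotFixID -eq $HotFixId }
            if ($match) { $status = 'Installed' }
        }
        catch {
            # Query failed (host offline, access denied, firewall, ...).
            $status = 'Unreachable'
        }

        # New-Object is used instead of [pscustomobject] so the function
        # also runs on PowerShell 2.0, as found on older Windows releases.
        New-Object PSObject -Property @{
            ComputerName = $computer
            HotFixId     = $HotFixId
            Status       = $status
        } | Select-Object ComputerName, HotFixId, Status
    }
}

# Check the local machine.
Test-IEPatch | Format-Table -AutoSize
```

`Get-HotFix` reports only the update IDs recorded on the host, so a machine that received the fix through a later superseding update will show `Missing`; treat that status as a prompt to check the host, not as proof that it is vulnerable.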
As always, end users are advised not to open unsolicited e-mail messages, and not to click on provided links, especially those from unrecognized or suspicious origins.
This is a remote code execution vulnerability in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. To exploit this vulnerability, an attacker may send a link to a malicious website, accompanied by persuasive language urging the user to click it.
Internet Explorer is vulnerable on the following operating systems:
- Windows XP SP3 and prior
- Windows Vista SP2 and prior
- Windows 7 SP1 and prior
- Windows 8.1 and prior
- Windows Server 2003 SP2 and prior
- Windows Server 2008 R2 SP1 and prior
- Windows Server 2012 R1 and prior
ISC data suggests that approximately 20% of University desktop users are using Internet Explorer as their primary web browser.