Internet Explorer 0-Day Vulnerability Now Used in Widespread Attacks
If you’re using IE 9 or 10 to surf the web then you are strongly advised to do one of two things: apply Microsoft’s temporary FixIt solution or start using another web browser.
Cybercriminals are actively exploiting an Internet Explorer vulnerability (CVE-2014-0322) in drive-by-download attacks.
Microsoft’s Security Advisory (2934088) states that “the vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.” Successful exploitation of the bug could potentially allow an attacker to execute arbitrary code.
Both Internet Explorer 9 and Internet Explorer 10 are affected by the vulnerability. All other versions of Internet Explorer – including IE11 – are not affected.
FireEye & Symantec researchers first spotted attacks that exploited the vulnerability on Feb 13th. The attacks appeared to be targeting a limited audience at that point, but Symantec is now warning that is no longer the case.
How to Stay Safe if You Use Internet Explorer 9 or 10
Microsoft has yet to release an official update to address the vulnerability, but Internet Explorer users affected by this vulnerability are urged to: