Microsoft investigating new Internet Explorer 10 zero-day flaw exploited in targeted attacks

FireEye Labs today discovered a new zero-day vulnerability in Internet Explorer 10 being exploited on a website based in the US. No user interaction is required: just visiting a compromised website is enough to trigger a classic drive-by download attack, download and install a payload from a remote server. We contacted Microsoft and the company confirmed with us that it is investigating.

“Microsoft is aware of targeted attacks against Internet Explorer, currently targeting customers using Internet Explorer 10,” a Microsoft spokesperson told TNW. “We are investigating and we will take appropriate actions to help protect customers.”

A zero-day vulnerability refers to a security flaw that was previously unknown and is being currently exploited in the wild. This one happens to target IE10 users, meaning it’s not so severe because not all IE version are affected and users can upgrade to the latest release, IE11. We will update you as we learn more.

Image Credit: Robert Linder

from The Next Web


0 Kommentare:

Kommentar veröffentlichen