SecureState Blog

Read SecureState's award winning blog.

Several days ago Microsoft reported that a zero-day vulnerability in Internet Explorer was being actively attacked in the wild. As of today, four active exploits currently exist to exploit this vulnerability. Microsoft has stated that they will push an out-of-cycle Windows patch to temporarily fix the critical flaw.

This zero-day is similar to a buffer overflow attack which enables an attacker to remotely execute code on a compromised system. Anibus released an Analysis Report after scanning a malicious website.

Microsoft intends to release a patch for this flaw on September 21, 2012. SecureState recommends applying this patch as quickly as possible once it has been released. In the meantime SecureState recommends using an alternate web browser such as Mozilla Firefox or Google Chrome until the patch is released.

UPDATE: Microsoft has added an out of band patch for this security flaw.