Microsoft has recently issued a security advisory for a remote code execution vulnerability with Internet Explorer 6-8. As stated by Microsoft, this vulnerability may corrupt memory in a way that could potentially allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
“The IE team is working around the clock to develop a security update to address this vulnerability for earlier versions of the product,” Microsoft stated. “However, until the update is available, customers using Internet Explorer 8 can block the current targeted attacks by introducing changes to disrupt any of the elements of the exploit.”
These changes involve disabling the following:
- MS-Help Protocol Helper
SecureState ultimately recommends that individuals upgrade to Internet Explorer9-10, as these versions are not affected. Users can also opt to use a different browser, such as Mozilla Firefox or Google Chrome for example. Current statistics from w3counter show that at least 14.03% of Web Browsers used are affected by the vulnerability. *Note this statistic does not include Internet Explorer 6.