Fix-it tool for zero-day vulnerability in Internet Explorer available2014-03-21 | Comebuy News
Microsoft has released a fix-it tool that will protect users from the effects of an attack to the zero-day vulnerability in Internet Explorer 9 and 10, known since last week. A security advisory that it is a use-after-free bug in the library "mshtml.dll", so the rendering engine of Microsoft's browser. Attackers can exploit it to gain control over the computer.
However, the fix-it tool does not eliminate the vulnerability. According to the company, it is also only in a position to protect against the currently known attacks. It is available for Internet Explorer 9 and 10 available and requires no reboot. Also, it should not affect the use of the browser.
Microsoft points out that Internet Explorer uses more memory after you install of the fix it tool in circumstances than before. The issue will however by a restart of the browser. Microsoft recommends affected users to install the tool or to switch to Internet Explorer 11, which is not vulnerable. However, IE11 not for Windows Vista and Server 2008 available is.
According to the Microsoft spokesman Dustin Childs, a patch for the vulnerability is already in work. "We are closely monitoring the threat landscape and will take appropriate measures to protect our customers all over the world", he writes in the blog of the Microsoft Security Response Center.
The security company FireEye had discovered the vulnerability and forwarded to Microsoft. It provides a classic drive-by download. It is sufficient that a user visits a malicious Web page. Malicious software then passes without further interaction on his computer.
[with material by Larry Seltzer, ZDNet.com]
Tip: How safe are you in security? Check your knowledge - with 15 questions on silicon.deBildergalerieAktuelle browser in the benchmark test» to the picture gallery...