Wednesday, November 3, 2010

Microsoft issues advisory on Internet Explorer drive-by attack

Microsoft is warning customers of a new zero-day vulnerability in Internet Explorer being actively targeted by attackers using drive-by attacks

A memory allocation error, present in Internet Explorer 6, 7, and 8 could enable an attacker to execute code and gain access to a victim's machine. An attack website was discovered targeting the IE flaw in drive-by attacks. Internet Explorer 9 Beta is not affected by the issue, Microsoft said.
"The exploit code was discovered on a single website that is no longer hosting the malicious code," said Jerry Bryant, group manager of response communications in the Microsoft Trustworthy Computing Group.

In a blog entry, Bryant said engineers were working on an automated "fix-it" repair until a permanent patch could be released. Currently, the issue "does not meet the criteria for an out-of-band release," Bryant said.
Drive-by attacks have become an increasingly common method of attack. Users are often lured to visit a malicious website in an email message, an instant message or through poisoned search engine results. Often times legitimate websites are compromised to host attack code. Blogs, social networks and Web forums can also be used to host drive-by attacks.

More Info:

No comments: