IT Consulting and Tech Support Blog

New IE Zero-Day Vulnerability Discovered

Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer, which he claims will affect fully patched versions of Microsoft Internet Explorer 7, 8 and 9.

The exploits, developed over the weekend for the Metasploit exploit toolkit, have been linked to Nitro, the same group of hackers from China who were exploiting two Java zero-days in late August. “Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers such as Chrome or Firefox until a security update becomes available,” a post on the Metasploit community blog said. “The exploit had already been used by malicious attackers in the wild before it was published in Metasploit.”

Microsoft is [strongly] advising all Windows users to install a free security software to protect their PCs from a newly discovered vulnerability in its Internet Explorer browser. The free security tool, called the Enhanced Mitigation Experience Toolkit (EMET), will prevent hackers from gaining access to Windows-based systems and is currently available from Microsoft here .

This entry was posted in Exploits, Microsoft Windows, Vulnerabilities, Web Security and tagged , , , , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>