Zero-day flaw affects three versions of Internet Explorer, as Microsoft warns of activity in the wild

Microsoft has issued an advisory about a zero-day flaw in three versions of Internet Explorer.

It said that the vulnerability is present in versions 6,7 and 8 of Explorer and could allow remote code execution. It is currently investigating public reports around it.

Microsoft said that the vulnerability exists due to an invalid flag reference within Internet Explorer, and under certain conditions it would be possible for the invalid flag reference to be accessed after an object is deleted.

In a web-based attack scenario, an attacker could host a website that contains a web page, which is used to exploit this vulnerability and in addition, compromised websites and ones that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

It said that it is aware of targeted attacks attempting to use this vulnerability and on completion of its investigation, it will take the appropriate action to protect users, which may include providing a solution through its monthly security update release process or with an out-of-band security update.

Wolfgang Kandek, CTO of Qualys, said: “Data Execution Prevention (DEP), a security feature first implemented in 2005, currently prevents the exploit from executing successfully. IE8 users have DEP enabled by default and are protected and according to Microsoft, only a single website was found to host the exploit, but others are soon expected. Upgrading to IE8 with DEP is highly recommended.”

Jason Miller, data and security team leader at Shavlik Technologies, said that even though the reported attacks for this vulnerability have been limited to date and the known websites hosting the exploit have been taken down, there could be more websites coming online at any time with the zero-day vulnerability.

He said: “With the time closing in on the November Patch Tuesday, it is unlikely we will see a patch for this vulnerability in the scheduled monthly updates. If reports of attacks against this vulnerability increase, we can expect to see an out-of-band patch for the vulnerability.

“This vulnerability is just another prime example of why you should look at upgrading your software to the latest version. New versions of software often contain enhanced features that can make it more difficult to exploit.”

Sign up to our newsletters