#1 Microsoft Internet Explorer Use-After-Free Vulnerability Being Actively Exploited
04-28-2014, 08:06 PM
- Join Date
- May 2008
- Locked in a Dungeon, being tortured and LOVING IT!
US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.
US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available.
Rest In Peace America
July 4, 1776 - January 20, 2009
04-29-2014, 04:44 PM
I had to look this up for more information.
“US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available.” Enhanced Mitigation Experience Toolkit (EMET) is a Microsoft utility that helps prevent vulnerabilities in software from being successfully exploited, and can be downloaded here. It supports every Microsoft operating system from Windows 7 on up.
Microsoft has yet to decide whether it will issue an emergency patch in the coming days or wait for patch Tuesday on May 13 to repair supported versions of IE.
The new remote code execution vulnerability, dubbed CVE-2014-1776, has the potential to give hackers the same user rights as the current user. That means a successful attacker who infects a PC running as administrator would have a wide variety of attack open to them such as installing more malware on the system, creating new user accounts, and changing or deleting data stored on the target PC.
|« Previous Thread | Next Thread »|