Microsoft and Google have separately warned about a new Internet
Explorer zero-day being exploited to break into GMail accounts.
The browser flaw, which is currently unpatched,
exposes Windows users to remote code execution attacks with little or no
user action (drive-by downloads if an IE user simply surfs to a rigged
site).
Microsoft’s advisory speaks of “active attacks” and follows a
separate note from Google that references the IE flaw “being actively
exploited in the wild for targeted attacks.”
A source close to these investigations confirms that these attacks prompted Google’s recent decision to warn GMail users about “state-sponsored attackers.”
On Twitter, several users have publicly reported seeing the message atop their GMail inboxes.
Microsoft’s explanation of the issue:
The vulnerability could allow remote code
execution if a user views a specially crafted webpage using Internet
Explorer. An attacker would have no way to force users to visit such a
website. Instead, an attacker would have to convince users to visit the
website, typically by getting them to click a link in an email message
or Instant Messenger message that takes them to the attacker’s website.
The vulnerability affects all supported releases of Microsoft Windows,
and all supported editions of Microsoft Office 2003 and Microsoft Office
2007.
The vulnerability exists when MSXML
attempts to access an object in memory that has not been initialized,
which may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the logged-on user.