Internet Explorer 'security hole' leaves a quarter of web browsers vulnerable

Photo / Thinkstock
Photo / Thinkstock

Microsoft is scrambling to repair a security hole in its widely used Internet Explorer web browser, saying it had detected attempts to exploit the flaw.

The US software giant says the coding problem affected versions six through 11 of its flagship browser, noting it was aware of "limited, targeted attacks'' taking advantage of the newly discovered flaw.

According to security company FireEye, the 'zero-day' flaw - aptly named because the vulnerability gives users zero days of warning before the attack - leaves about a quarter of the total browser market at risk.

Microsoft says that an attacker who successfully exploits the vulnerability could gain the same user rights as the official user.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,'' Microsoft said on its security website on Saturday.

"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.''

Cybersecurity firm FireEye, which took credit for identifying the flaw, said hackers were exploiting the bug in a campaign nicknamed "Operation Clandestine Fox.''

Users still relying on Windows XP could be especially vulnerable because Microsoft stopped early this month supporting the older operating system with security patches and other software updates.

Also read:
Heartbleed bug: What you need to know
How the Heartbleed bug reveals a flaw in online security
Please change your passwords

Earlier this month, the "Heartbleed'' flaw in Internet security saw everyone from website operators and bank officials to casual Internet surfers and governments being told their data could be in danger.

Watch: HeartBleed bug puts internet users at risk

Heartbleed allowed hackers to snatch packets of data from working memory in computers, creating the potential for them to steal passwords, encryption keys, or other valuable information.

-AFP, with NZ Herald

© Copyright 2014, APN New Zealand Limited

Assembled by: (static) on production bpcf05 at 23 Nov 2014 17:04:01 Processing Time: 29ms