All About IE’s Use-after-free Vulnerability

Just a couple of weeks after news about the Heartbleed bug wreaked havoc in the Internet security world, another serious vulnerability has been discovered, this time affecting Microsoft’s Internet Explorer (IE).

This particular flaw is a “use-after-free” vulnerability, a memory-corruption bug in which the browser keeps using an object after the memory holding it has been freed. To exploit it, hackers can inject malware into certain websites and then trick users into visiting those websites through spam emails or social engineering. The hackers can then gain total access to a user’s system, and from there they can install more malware and view, change or delete data. The more administrative privileges a user has, the worse a possible attack can be.

Hackers often use Adobe Flash Player as a gateway for an attack. Note that the vulnerability is not in Flash itself; the attack relies on an IE flaw that is used to corrupt Flash and bypass Windows security protection.

Are You Affected?

IE versions 6, 7, 8, 9, 10 and 11 are all affected, although attacks are currently targeting versions 9, 10 and 11. However, that does not mean versions 6-8 are safe. 2013 data shows that targeted IE versions account for just over a quarter of the Internet browser market share. Including IE versions 6-8, IE accounts for more than half the world’s browser market share.

Currently, all users of IE versions 6-11 are at risk.

How Can You Fix the Problem?

Microsoft has not yet issued a patch for the vulnerability, but one is expected soon. In the meantime, using another browser is the best way to avoid problems.

If using another browser isn’t an option, Microsoft recommends downloading its Enhanced Mitigation Experience Toolkit to limit risk until a patch is released. To learn more about the Toolkit, visit Microsoft’s website.

Users of Windows XP will not receive any patch for the vulnerability, as Microsoft discontinued support for the operating system earlier this year. If you use XP, it is recommended that you use another browser.

What Should Employees, Friends and Family Do?

Alert all friends, family and employees about the vulnerability and recommend that they discontinue use of IE immediately.

Also, remind them of the dangers of clicking on suspicious links or downloading unfamiliar attachments in their email programs.