Look out, Internet Explorer users. eWeek reports that Microsoft will release a patch for a zero-day IE vulnerability later today. Apparently, the vulnerability has to do with IE's data binding function, and malicious hackers have already managed to exploit it. Here's the skinny in Microsoft's words:
The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.
eWeek quotes Microsoft's Christopher Budd as saying, "At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7." That sounds like one of the few occurrences when running IE6 might actually be a good thing, although you're probably still better off running a non-Microsoft browser like Firefox, Safari, Chrome, or Opera.
Until the fix comes out, Microsoft cautions to watch out for instant-message file transfers and e-mail attachments. Since exploiting the hole can give a hacker the same rights as the user, not running with administrative privileges (as in Vista with UAC enabled) might help, too.
Update: The patch is now out. You can download it from this page on Microsoft's website.
|Gigabyte SA-SBCAP3350 puts formidable power on a single board||5|
|Alphacool Eisblock HDX-2 and HDX-3 help M.2 SSDs beat the heat||2|
|Corsair Lighting Pro Expansion Kit lets builders turn up the lights||6|
|Adata D16750 power bank is tougher than the average juice pack||8|
|Deals of the week: fast memory, an AM4 motherboard, and more||12|
|Corsair RMx White Series PSUs take a walk on the snowy side||21|
|Intel crams 100 GFLOPS of neural-net inferencing onto a USB stick||38|
|Toshiba's XG5 1TB NVMe SSD reviewed||9|
|Microsoft and Johnson Controls put Cortana in a thermostat||23|
|I finally understand the stupid bling RGBLED industry now. It's not that people want it all the bling but that if they saturate the market with rainbo...||+16|