If you use either Internet Explorer 9 or Internet Explorer 10, you might like to know that a new vulnerability has been discovered that affects users of both versions of Microsoft’s browser, according to Mircosoft’s Security TechCenter page. Fortunately, though Microsoft has not yet issued a full patch for this problem, they have at least put out a fix that aims to prevent hackers to use this exploit to target you while surfing the web using IE.
Here’s what Microsoft had to say about the security hole in IE 9 and IE 10.
“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
How to fix the 0-day vulnerability in Internet Explorer 9 and Internet Explorer 10
While Microsoft works on a long-term fix, users of IE 9 and IE 10 can safeguard themselves by heading over to this Microsoft page and following the instructions under the “Fix it for me” section to apply the “MSHTML shim workaround.” Microsoft advises that increased memory usage could occur once the fix is applied, but also notes that this should subside once you restart Internet Explorer.
Microsoft also said that a full patch could arrive with their regularly scheduled Patch Tuesday updates, or as an out-of-cycle update. The next Patch Tuesday will take place on March 11, about two and a half weeks from now.
On a related note, a flaw in Internet Explorer 10 was recently exploited to launch attacks on visitors of a website that caters to the needs of U.S. military veterans.
What do you think? Sound off in the comments below.
- Still using Windows 8.1? You’re on your own now
- Microsoft will pay you up to $250,000 to find Spectre-like flaws
- How Google’s ‘Project Zero’ task force races hackers to snuff out bugs
- Blizzard patches security hole to block hackers from sending fake updates
- Cryptojacking turns your PC into a Bitcoin mine, but you won’t see a cent