Microsoft releases fix for Internet Explorer flaw used in attacks

Feb. 20, 2014 at 7:46 PM
share with facebook
share with twitter

REDMOND, Wash., Feb. 20 (UPI) -- Microsoft says it's releasing a temporary workaround for a newly found flaw in Internet Explorer already being used in at least two targeted attack campaigns.

Two separate hacking efforts have been seen exploiting the bug in Internet Explorer 10, also present in IE9 but not earlier IE versions, that lets attackers remotely run code via malicious JavaScript, reported Thursday.

"At this time, we are only aware of limited, targeted attacks against Internet Explorer 10," Dustin Childs of Microsoft's Trustworthy Computing group wrote on a Microsoft blog. "This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message," he said.

The released fix protects against the known attacks that exploit the bug, he said.

"Internet Explorer 11 is not affected by this issue, so upgrading to this version will also help protect customers from this issue," Childs said.

Related UPI Stories
Trending Stories