Remote Code Execution Flaw Discovered in Internet Explorer, Versions 6~11 Affected
Posted on April 28, 2014 2:48 PM by Rob Williams
A rather severe vulnerability involving Internet Explorer has just been discovered, with Microsoft warning all users of the browser to proceed with caution. The flaw can result in remote code execution simply by visiting a compromised webpage, so it’s being recommended that users of later IE versions enable Data Execution Protection at the minimum, and be careful about clicking on unfamiliar URLs.
As it appears, this flaw has been around for quite some time. It affects all versions dating back to 6, although security firm FireEyereports that it’s only exhibited 9 through 11 being targeted. There’s nothing to stop earlier versions from being targeted as well, however, and it’s sure to happen now that the fault has reached greater visibility.
Microsoft ceased support for IE 6 and 7 long ago, so it seems likely that no patch will be issued for those versions. Further, while IE 8 is supported for Vista and onward, it’s not for Windows XP, as the OS itself is no longer supported. For those sticking with XP, the easiest solution is to use an alternative browser, like Chrome or Firefox, because as it is, this vulnerability could just be the first of many.
Microsoft hasn’t stated when it will be releasing a patch for this issue, but given its severity, we’re sure it’s not going to be resting on its laurels to get one released.