Jump to content

Microsoft offers temporary Internet Explorer fix


Recommended Posts

Critical vulnerability could allow for remote code execution

Microsoft has released an intermediate fix for a critical vulnerability with Internet Explorer that could leave computers open to attack and remote code execution.

The software giant said that there have been public reports of limited attacks which could let a hacker take control of a computer.

"The vulnerability exists due to the creation of uninitialised memory during a CSS [Cascading Style Sheets] function within Internet Explorer," Microsoft said in its Security Advisory 2488013.

"It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted web page to gain remote code execution."

Microsoft is investigating the issue and has released some mitigating workarounds which it recommends customers to deploy.

The vulnerability affects Internet Explorer 6, 7 and 8, and was first acknowledged by Microsoft in December. However, the company has now updated its guidance having created the workaround.

This new intermediate fix prevents the recursive loading of CSS in Internet Explorer, and Microsoft suggested that, with IT administrators already being " under active attack", they should evaluate its suitability.

Microsoft said in a posting to its Security Research & Defence blog that the workarounds are currently the only way to mitigate the threat, because there is no way to selectively disable the functionality that makes it possible.

The workaround applies a level of scrutiny to CSS, and will cause Internet Explorer to reject the importation of any style sheet that has the same URL as the CSS from which it is being loaded.

"Simply put, the workaround inserts a check to see if a style sheet is about to be loaded recursively, and if it so, it aborts the load of the style sheet," the company said.

view.gif View: Original Article

Link to comment
Share on other sites

  • Replies 2
  • Views 1.3k
  • Created
  • Last Reply

with the keyword here being "temporary" :lmao:

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...