Microsoft released a security advisory warning users about instances of active exploitation of a vulnerability found in all supported versions of Internet Explorer (6-11).
The remote code execution vulnerability “may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” and an attacker hosting a specially crafted website can exploit it.
Microsoft said the targeted attacks it detected in the wild are currently attempting to exploit this vulnerability in IE 8 and 9, and that it remains vigilant and is working with partners to detect and take action against malicious sites that attempt to exploit this flaw.
In order to protect its customers as much as possible until a definitive security update fixing the flaw is released, the company has made available a Fix it solution, and has also recommended that users:
• Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
The Fix it must be downloaded and run by the users themselves, and the other two actions may affect the usability of the system, but that disruption can be reduced by adding trusted sites to the Internet Explorer Trusted Sites zone.
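The two zone settings and the Trusted Sites workaround above can be applied without clicking through the Internet Options dialog. The following PowerShell script is an added example, not Microsoft's Fix it and not taken from the advisory: it writes the per-user registry values Internet Explorer reads for its security zones (zone 3 = Internet, zone 1 = Local intranet, zone 2 = Trusted sites; action `1200` = Run ActiveX controls and plug-ins, action `1400` = Active scripting; `0` = Enable, `1` = Prompt, `3` = Disable; `CurrentLevel` `0x12000` = High). The function names and the `intranet.example.com` entry are placeholders of this example. It assumes it runs in the affected user's context and that no Group Policy or `Security_HKLM_only` setting forces machine-wide zone values, which would override the HKCU values written here.

```powershell
# Added example: apply the advisory's recommended IE zone settings via the registry.
# Not Microsoft's Fix it; assumes per-user (HKCU) zone settings are in effect.

$zonesKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneMapDomains = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Zone IDs: 1 = Local intranet, 2 = Trusted sites, 3 = Internet.
# Action values: 1200 = Run ActiveX controls and plug-ins, 1400 = Active scripting.
# Action settings: 0 = Enable, 1 = Prompt, 3 = Disable.
# CurrentLevel 0x12000 is the "High" template shown on the IE zone slider.

function Set-IEZoneHardening {
    param(
        [Parameter(Mandatory)][ValidateSet(1, 3)][int]$ZoneId,
        [ValidateSet('Prompt', 'Disable')][string]$ActiveScripting = 'Disable'
    )
    $key = Join-Path $zonesKey $ZoneId
    if (-not (Test-Path $key)) { throw "Zone key not found: $key" }

    $scriptValue = if ($ActiveScripting -eq 'Prompt') { 1 } else { 3 }

    # Block ActiveX controls and plug-ins in this zone.
    Set-ItemProperty -Path $key -Name '1200' -Value 3 -Type DWord
    # Prompt before, or disable, Active Scripting in this zone.
    Set-ItemProperty -Path $key -Name '1400' -Value $scriptValue -Type DWord
    # Mark the zone as "High" so the Internet Options UI reflects the hardened state.
    Set-ItemProperty -Path $key -Name 'CurrentLevel' -Value 0x12000 -Type DWord
}

function Add-IETrustedSite {
    # Registers https://<Subdomain>.<Domain> (or https://<Domain>) in Trusted sites.
    param(
        [Parameter(Mandatory)][string]$Domain,   # e.g. example.com
        [string]$Subdomain,                      # e.g. intranet (optional)
        [string]$Scheme = 'https'
    )
    $key = Join-Path $zoneMapDomains $Domain
    if ($Subdomain) { $key = Join-Path $key $Subdomain }
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # A DWORD named after the scheme, with value 2, places the host in Trusted sites (zone 2).
    Set-ItemProperty -Path $key -Name $Scheme -Value 2 -Type DWord
}

function Get-IEZoneState {
    # Read back the values that matter for this advisory, for verification.
    param([Parameter(Mandatory)][int]$ZoneId)
    $p = Get-ItemProperty -Path (Join-Path $zonesKey $ZoneId)
    [pscustomobject]@{
        ZoneId          = $ZoneId
        ActiveX_1200    = $p.'1200'
        ActiveScr_1400  = $p.'1400'
        CurrentLevel    = ('0x{0:X}' -f [int]$p.CurrentLevel)
    }
}

# Internet zone: ActiveX blocked, Active Scripting disabled.
Set-IEZoneHardening -ZoneId 3 -ActiveScripting Disable
# Local intranet zone: ActiveX blocked, prompt before Active Scripting.
Set-IEZoneHardening -ZoneId 1 -ActiveScripting Prompt

# Placeholder host; replace with the organisation's own trusted sites.
Add-IETrustedSite -Domain 'example.com' -Subdomain 'intranet' -Scheme 'https'

# Show the resulting state of both hardened zones.
3, 1 | ForEach-Object { Get-IEZoneState -ZoneId $_ } | Format-Table -AutoSize
```

Two caveats for anyone applying this: the "High" template in the Internet Options UI resets many more per-zone actions than the two the advisory names, so this script is narrower than selecting "High" by hand, and `CurrentLevel` only controls what the slider displays, not behaviour, which is governed by the individual action values. Restart Internet Explorer after running it so the new zone settings are picked up.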
“In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability,” Microsoft said in the advisory.
“In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.”