Old Microsoft Internet Explorer versions viz. 8, 7, 6 are known to have a zero-day vulnerability, which can be exploited to execute Remote Code Execution (RCE), as confirmed by Microsoft in its recently launched security advisory named MS12-078 2794220. The vulnerability can allow Remote Code Execution, which allows a hacker to target a server and execute arbitrary commands on it from a remote server, in Internet Explorer 8, 7, and 6. If the same is kept in point, then Microsoft had launched MS12-078 KB2753842, a critical security update, on 18th December for Windows 8, 7, Vista, and XP to patch two known vulnerabilities in them. The update had caused fonts to disappear in CorelDraw and Microsoft PowerPoint documents after disclosure of which Microsoft fixed and re-released the update on 20th December.
In its advisory about IE vulnerability, Microsoft confirmed “The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
Needless to say that this zero-day vulnerability in IE versions has massively affected users’ browsing practices to surf, share, email and do lots more. In fact, users are kind of scared now while opening emails or going online in the wake of being targeted by attackers. Considering this, Microsoft has suggested some simple workarounds, which users can apply and fix the vulnerability problem in their IE browsers.
Workarounds to fix RCE vulnerability in IE versions:
- Upgrade your Internet Explorer to the latest version (9 or 10)
- If you don’t want to upgrade, download the Microsoft Fix-it solution(s) available on the Microsoft website. Save the file and extract its contents. Run the file and follow the on-screen instructions to patch up the zero-day vulnerability. Thereafter, your IE should be fine for you to able to surf.
- Install the latest security patches in order to fix this vulnerability
- Update your antivirus software and run a complete virus scan on your computer. Remove any resulting infected items.