Microsoft investigating new zero-day exploit

By on
Microsoft investigating new zero-day exploit

Internet Explorer flaw comes to light.

Microsoft has reacted quickly to a new vulnerability in Internet Explorer which could allow remote code execution.

Jerry Bryant, senior security communications manager at Microsoft, said in a blog post yesterday that the issue, which was posted at the end of last week, had no obvious exploits but could pose some problems.

"An issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop-up dialogue box," he said.

"We are not aware of any attacks seeking to exploit this issue at this time, and in the current state of our investigation we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008 and Windows Vista are not affected."

The issue concerns Windows Help files and VBScript, file types designed to invoke automatic actions during normal use.

"While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system," said Bryant.

Microsoft urged users to ensure that their security software is up to date and that they have a firewall in place.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©

Most Read Articles

Log In

  |  Forgot your password?