Microsoft Corp. (NASDAQ: MSFT) has released a warning about vulnerabilities in its Internet Explorer that create security flaws that it deems as a “danger” for people who use Windows XP. According to a security alert posted by the huge software company:

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

READ MORE: Greatest Product Flops of All Time 

In other words, the problem spans versions of the browser that date back a number of years. The vulnerability is broad enough so that PC users could suffer significant consequences at the hands of hackers:

• An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

According to tech site Re/code:

A newly discovered flaw affecting several versions of Microsoft’s Internet Explorer has left a significant portion of the world’s web browsers vulnerable to attack.

Disclosed in an unusual Saturday alert from Microsoft, the flaw is being called a serious “Zero Day” vulnerability by security company FireEye, which claims it affects more than 56 percent of the world’s web browsers currently in use.

It’s a remote code execution vulnerability, which in English means a bad guy can make a target computer run software after a successful attack. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft’s alert reads. The phrase “arbitrary code” means pretty much any software that the attacker chooses to run.

READ MORE: The World’s Most Innovative Companies

 

Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.