Internet Explorer Has Huge Security Flaw

By Douglas A. McIntyre Published Apr 28, 5:24AM EDT

Follow 24/7 Wall St. on Google

This post may contain links from our sponsors and affiliates, and Flywheel Publishing may receive compensation for actions taken through them.

Microsoft Corp. (NASDAQ: MSFT) has released a warning about vulnerabilities in its Internet Explorer that create security flaws that it deems as a “danger” for people who use Windows XP. According to a security alert posted by the huge software company:

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

In other words, the problem spans versions of the browser that date back a number of years. The vulnerability is broad enough so that PC users could suffer significant consequences at the hands of hackers:

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.

According to tech site Re/code:

A newly discovered flaw affecting several versions of Microsoft’s Internet Explorer has left a significant portion of the world’s web browsers vulnerable to attack.

Disclosed in an unusual Saturday alert from Microsoft, the flaw is being called a serious “Zero Day” vulnerability by security company FireEye, which claims it affects more than 56 percent of the world’s web browsers currently in use.

It’s a remote code execution vulnerability, which in English means a bad guy can make a target computer run software after a successful attack. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft’s alert reads. The phrase “arbitrary code” means pretty much any software that the attacker chooses to run.

About the Author Douglas A. McIntyre →

Douglas A. McIntyre is the co-founder, chief executive officer and editor in chief of 24/7 Wall St. and 24/7 Tempo. He has held these jobs since 2006.

McIntyre has written thousands of articles for 24/7 Wall St. He is an expert on corporate finance, the automotive industry, media companies and international finance. He has edited articles on national demographics, sports, personal income and travel.

His work has been quoted or mentioned in The New York Times, The Wall Street Journal, Los Angeles Times, The Washington Post, NBC News, Time, The New Yorker, HuffPost USA Today, Business Insider, Yahoo, AOL, MarketWatch, The Atlantic, Bloomberg, New York Post, Chicago Tribune, Forbes, The Guardian and many other major publications. McIntyre has been a guest on CNBC, the BBC and television and radio stations across the country.

A magna cum laude graduate of Harvard College, McIntyre also was president of The Harvard Advocate. Founded in 1866, the Advocate is the oldest college publication in the United States.

TheStreet.com, Comps.com and Edgar Online are some of the public companies for which McIntyre served on the board of directors. He was a Vicinity Corporation board member when the company was sold to Microsoft in 2002. He served on the audit committees of some of these companies.

McIntyre has been the CEO of FutureSource, a provider of trading terminals and news to commodities and futures traders. He was president of Switchboard, the online phone directory company. He served as chairman and CEO of On2 Technologies, the video compression company that provided video compression software for Adobe’s Flash. Google bought On2 in 2009.

Continue Reading

Douglas A. McIntyre | Oct 2, 2015 at 6:36 AM EDT

950 Million Android Devices Threatened by Bug

The following warning was issued by a software security firm that researches the Google Android OS.

Douglas A. McIntyre | Jan 13, 2011 at 4:30 PM EST

An Android Secuity Threat? A Self-Serving Answer

Is Google Inc.’s (NASDAQ:GOOG) Android operating system more vulnerable to security flaws than the Apple Inc. (NASDAQ:AAPL) iPhone as Trend…

Paul Ausick | May 4, 2021 at 8:02 AM EDT

What’s Up With Apple: Foldable iPhones Coming, iOS Bug Fixed and More

A respected Apple analyst said that the company expects to release a foldable iPhone in 2023 and sell some 20…

Douglas A. McIntyre | Sep 1, 2008 at 5:37 PM EDT

Google (GOOG) Browser: Crush Mozilla, Challenge Microsoft (MSFT)

Microsoft’s (MSFT) Internet Explorer has dominated the browser world for nearly a decade. It has also been part of legal…

Douglas A. McIntyre | May 26, 2008 at 3:53 AM EDT

Another Online Headache For Microsoft (MSFT): Browser Competition

One of the most important outposts that Microsoft (MSFT) has on the internet is its browser, Internet Explorer. The huge…

Paul Ausick | Jul 11, 2018 at 12:00 PM EDT

Hackers Are Selling Access to Critical Airport Systems for $10–and That’s Just the Start

For a mere $10, a hacker can purchase a login that could grant access to an airport's building security and…

Lee Jackson | Sep 12, 2017 at 8:15 AM EDT

Security Software Back in Focus After Huge Equifax Hack Exposes Millions

While the whirlwind around the top cybersecurity stocks has really slowed from the 2013 too 2015 pace, the need is…

Paul Ausick | Sep 27, 2012 at 10:56 AM EDT

EU Set to Charge Microsoft over Browser Choice

The European Union’s antitrust regulator is preparing to launch an official investigation into a failure by Microsoft Corp. (NASDAQ: MSFT)…

247patrick | Nov 30, 2022 at 10:08 PM EST

Alameda Research and Terra-Backed Privacy Protocol Was Vulnerable to User Data Exploit

A group of researchers found a critical exploit in the privacy protocol Secret Network that threatened to put at risk…

Top Gaining Stocks

Cboe Global Markets

CBOE • Vol: 1,568,143

+$26.87

+8.95%

$326.96

New Pluto Global

PSKY • Vol: 12,285,993

+$0.85

+8.30%

$11.09

Seagate Technology

STX • Vol: 7,378,346

+$53.29

+7.91%

$726.93

Oracle

ORCL • Vol: 26,317,675

+$10.44

+6.47%

$171.83

Datadog

DDOG • Vol: 6,247,779

+$8.34

+6.31%

$140.53

Top Losing Stocks

LKQ

LKQ • Vol: 4,367,433

-$3.07

9.72%

$28.51

Clorox

CLX • Vol: 13,260,523

-$9.33

9.67%

$87.11

Stryker

SYK • Vol: 4,519,455

-$20.40

6.47%

$294.73

Mohawk Industries

MHK • Vol: 1,859,865

-$5.63

5.33%

$99.93

Amgen

AMGN • Vol: 3,818,618

-$16.43

4.75%

$329.82

Internet Explorer Has Huge Security Flaw

How to Add Us to Google News

Want $1,150 in Passive Income? Invest $10,000 Into These 3 Dividend Aristocrats

A 70-Year-Old With $1.4 Million Faces a $62,000 RMD That Pushes Him Into a Higher Tax Bracket

A Couple’s $1.2 Million Portfolio Faces a 3.9% Withdrawal Rate That Feels Safe but Is Not

A 70-Year-Old With $1.4 Million Faces a $62,000 RMD That Pushes Him Into a Higher Tax Bracket

A Couple's $1.2 Million Portfolio Faces a 3.9% Withdrawal Rate That Feels Safe but Is Not

Continue Reading

950 Million Android Devices Threatened by Bug

An Android Secuity Threat? A Self-Serving Answer

What’s Up With Apple: Foldable iPhones Coming, iOS Bug Fixed and More

Google (GOOG) Browser: Crush Mozilla, Challenge Microsoft (MSFT)

Another Online Headache For Microsoft (MSFT): Browser Competition

Hackers Are Selling Access to Critical Airport Systems for $10–and That’s Just the Start

Security Software Back in Focus After Huge Equifax Hack Exposes Millions

EU Set to Charge Microsoft over Browser Choice

Alameda Research and Terra-Backed Privacy Protocol Was Vulnerable to User Data Exploit

Top Gaining Stocks

Top Losing Stocks

Want $1,150 in Passive Income? Invest $10,000 Into These 3 Dividend Aristocrats

A 70-Year-Old With $1.4 Million Faces a $62,000 RMD That Pushes Him Into a Higher Tax Bracket

Internet Explorer Has Huge Security Flaw

How to Add Us to Google News

Want $1,150 in Passive Income? Invest $10,000 Into These 3 Dividend Aristocrats

A 70-Year-Old With $1.4 Million Faces a $62,000 RMD That Pushes Him Into a Higher Tax Bracket

A Couple’s $1.2 Million Portfolio Faces a 3.9% Withdrawal Rate That Feels Safe but Is Not

Featured Reads

A 70-Year-Old With $1.4 Million Faces a $62,000 RMD That Pushes Him Into a Higher Tax Bracket

A Couple's $1.2 Million Portfolio Faces a 3.9% Withdrawal Rate That Feels Safe but Is Not

Continue Reading

950 Million Android Devices Threatened by Bug

An Android Secuity Threat? A Self-Serving Answer

What’s Up With Apple: Foldable iPhones Coming, iOS Bug Fixed and More

Google (GOOG) Browser: Crush Mozilla, Challenge Microsoft (MSFT)

Another Online Headache For Microsoft (MSFT): Browser Competition

Hackers Are Selling Access to Critical Airport Systems for $10–and That’s Just the Start

Security Software Back in Focus After Huge Equifax Hack Exposes Millions

EU Set to Charge Microsoft over Browser Choice

Alameda Research and Terra-Backed Privacy Protocol Was Vulnerable to User Data Exploit

Top Gaining Stocks

Top Losing Stocks