Wednesday, April 30, 2014

Security Advisory on Internet Explorer Version 6 to 11

Microsoft has published a security advisory warning users of a new vulnerability (CVE-2014-1776) that affects Internet Explorer versions 6 to 11. The issue corrupts system memory in a way that can allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer (IE).

In a web-based attack scenario, an attacker can host a website containing specially crafted Flash content that exploits this vulnerability. The attacker then invites users to visit the website through phishing or other social engineering methods. Typically, users are lured into clicking a link in an email or instant messenger message, which takes them to the attacker’s website.

At present, no security patch or hotfix is available for this vulnerability. Considering the potential risk, we recommend the following security controls as precautionary measures to safeguard our network: