[SingCERT] Microsoft Internet Explorer Zero Day Exploit - Updated

Published on Wednesday, 14 May 2014 10:00

[ Background ]

Microsoft Internet Explorer (IE) versions 6 to 11 are being exploited by a new vulnerability.  The exploit bypasses both the Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) protections found in Windows, which are meant to minimize the chances of an exploit running successfully.

[ Impact ]

System memory may be corrupted and arbitrary codes could be executed remotely to compromise your organisation’s systems.

[ Solutions/Alternatives ]

Microsoft has released an update for the vulnerability. Users are advised to update their systems as soon as possible by visiting Windows Updates.


[ References ]