A new security flaw has been discovered in Internet Explorer, but has existed in Microsoft’s web browser since IE6. At the moment, however, only versions IE9, IE10, and IE11 have been exploited by the security flaw, with Windows Server Core as the only exception.
The zero-day vulnerability consists of an Adobe Flash loophole that allows hackers to upload malicious code to a computer remotely while an individual goes to a harmful site. The Adobe Flash loophole uses an Adobe Flash SWF file through a process called heap feng shui.
The process seizes the internal memory storage of a computer, inputs malicious shellcode, and continues to do so until it either achieves its purpose or the computer crashes (or both), bypassing Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). Data Execution Prevention is designed to prevent any sort of data from being executed (particularly remote data input). Address Space Layout Randomization is designed to prevent hackers from accessing weak areas in a given program by moving data libraries, stacks, heaps, and executable bases to different locations within computer internals. With randomization, it becomes more difficult for hackers to install malicious code remotely and know where certain data are located within a device.
The new loophole has only been performed in “limited, targeted attacks” for the time being, but it’s significant enough that Microsoft is considering an updated security patch release sometime soon.
The vulnerability was discovered by firm FireEye, but IE9, IE10, and IE11 users can utilize Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) to increase internet security. According to FireEye, EMET version 4.1 (not 3.0) will fortify IE versions 10 and 11, so long as users select “Enhanced Protection Mode via their Internet Options settings menu.
FireEye concludes that the latest security flaw affects 26.25% of all internet browsers on the market, based on 2013 estimates.
Alongside of the need for IE security enhancements, Microsoft has provided a voice command enhancement for its music app. Now, you can use voice dictation to access your favorite songs and playlists.