A new vulnerability has been found in Internet Explorer that affects Internet Explorer 6, 7, 8 and 9. The vulnerability allows attackers to execute code on a machine simply by having a user visit a malicious website. This can happen, for example, when the user is tricked into clicking a link in an email or when a legitimate website has been compromised.
The vulnerability itself lies in the way that Internet Explorer accesses an object that has been deleted or not properly allocated. It has now been included in Metasploit, which means it is publicly available. Considering that this is an Internet Explorer vulnerability, we anticipate that it will soon be used in broader attacks. More information about the vulnerability can be found in this Microsoft Advisory.
We have released updates to the real-time analytics of the Advanced Classification Engine (ACE), which means that Websense customers are protected. As a member of the Microsoft Active Protection Program (MAPP), we are working with Microsoft to monitor the situation.