Older versions of Internet Explorer affected by the Zero-day exploit now have a workaround to the issue, an issue which allowed attackers to achieve the same user rights of the account used to view the website that hosts the malicious code which executed the exploit, which then would allow an attacker to; install programs, view, modify and delete data and even create new accounts with administrator privileges and full user rights.

“The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,” Microsoft explained.

"No sooner have we brought in the New Year and we're already seeing new security threats," said Carl Leonard, Senior Manager of Security Research at Websense Security Lab

"This IE Zero-Day vulnerability preys on those using older versions of IE, a typical tactic used by malware authors. They wouldn't go to the trouble of creating these exploits if they didn't know the older versions were still being widely used. So while many individuals resolve to get in the gym to kick-start the year, I would urge companies to do the same and get their security in the best shape it can be."

The suggested work around and more information on the exploit can be found here.

Enjoyed this article? share it!