NEW YORK: The United States Computer Emergency Readiness Team (US-Cert) on Saturday red-flagged a security flaw in Microsoft’s browser Internet Explorer and issued an advisory.
“Microsoft Internet Explorer scripting engine memory corruption vulnerability,” the state agency tweeted, and described the security flaw as the Microsoft Internet Explorer scripting engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code.
The US-Cert tweeted a Web link and further suggested that “Microsoft has released a workaround for an Internet Explorer vulnerability being used in limited targeted attacks. Implement workarounds and apply updates when available.”
Meanwhile, the US tech giant has confirmed a vulnerability impacting Internet Explorer which was being used by hackers, and added that the supported versions of Windows were affected, including Windows 7, for that it has last week stopped security updates.
The Internet Explorer attacker could remotely use the flaw to run malicious code on an affected computer that would trick a user into opening a malicious website.
TechCrunch reported Microsoft saying that it was aware of targeted attacks and admitted that it was ‘working on a fix,’ and would unlikely to release a patch until its next monthly security fixes which are scheduled for February 11.
Earlier, the maker of the Firefox browser Mozilla too hit by a similar vulnerability.