Attention all you IE users: If you needed another reason to update your browser to IE10 (which is awesome, by the way), then here you go:
Microsoft announced over the weekend that it is fixing a vulnerability in its Internet Explorer browser that could allow hackers to take over your PC.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” the company explained in its security advisory. “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
On Monday, December 31, Microsoft said that it had completely closed the vulnerability and that users can now apply the fix to their own browsers. It will not require people to reboot their browsers.
The exploit affects only Windows PC owners who are running IE 6, 7, or 8, and it takes advantage of Adobe Flash “to generate a heap spray attack against Internet Explorer version 8.0,” according to security researchers at FireEye. A heap spray attack helps hackers insert their malicious code on a system, but it must be paired with an existing security hole, such as the one in Internet Explorer, that gives them their point of entry into the targeted system.
Furthermore, victims are hit with the attack when they visit a website that is (sometimes unknowingly) hosting malicious code. In this case, a number of security firms, including FireEye and AlienVault, note that the Council on Foreign Relations website was being used to infect anyone who visited it. FireEye says it first heard the CFR website was compromised on Dec. 27, but according to its researchers, the site could have been infected as early as Dec. 21.
Read the Rest on VentureBeat >>>