Microsoft confirmed this week another zero day security flaw had hit Internet Explorer (IE), affecting all versions of the browser.
In a security advisory released late yesterday, the software giant confirmed a remote code execution vulnerability which was a result of an invalid flag reference in IE.
The issue had already been taken advantage of, as Microsoft admitted to being "aware of targeted attacks." However, the company has yet to confirm a fix for the problem.
"We will continue to monitor the threat environment and update this advisory if this situation changes," the advisory said.
"On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
The usual advice has been given to customers of ensuring your security software is up to date and to upgrade to the latest version of the browser, IE8.
-
Oracle's huge AI spending has some investors worriedNews Oracle says in quarterly results call that it will spend $15bn more than expected next quarter
-
A concerning number of Log4j downloads are still vulnerable four years onNews Despite safe Log4j versions having been available for years, many organizations haven't introduced them
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
