All Supported Internet Explorer Versions Plagued by Vulnerability, IE9 Beta Is Safe Though
Redmond-based software giant Microsoft has announced that all stable versions of its Internet Explorer web browser (that would be IE6, IE7 and IE8, not IE9 Beta) are plagued by a vulnerability that, if exploited by a person with malicious intent, could lead to remote code execution. Security Advisory 2458511 has been posted online by Microsoft; it presents detailed information about the recently uncovered vulnerability.
In the aforementioned security advisory, Microsoft explains that the vulnerability that plagues IE6, IE7 and IE8 “exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”
To have his machine compromised, the user would have to visit a website that hosts malicious code that exploits the IE vulnerability. The bad news is that Microsoft is aware of targeted attacks that attempt to exploit this vulnerability and compromise the user’s machine. The good news is that the impact of this vulnerability is extremely limited, as Senior Security Communications Manager Lead with the MSRC (Microsoft Security Response Center), Jerry Bryant said.
“As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers,” said Bryant. “The exploit code was discovered on a single website which is no longer hosting the malicious code. When a website is discovered to host malicious software, we work through legal channels to take the site down. These kinds of attempts to exploit systems and the people using technology are the activity of criminals. Microsoft takes this very seriously and where possible, we will take legal action against those responsible.”
IE9 Beta users will be glad to know that this IE version is not affected. If you’re thinking about switching to IE9, here are the new features you’ll get:
The first Beta version of Internet Explorer 9 (IE9 Beta) became available for download on the 15th of September. A few days later Group Product Planer with Microsoft Roger Capriotti announced that in the first 2 days following the release of IE9, more than 2 million people downloaded the browser. A few weeks later Senior Director with Internet Explorer Business and Marketing, Ryan Gavin, announced that by October 1, IE9 Beta was downloaded more than 6 million times.
If you would like to get IE9 Beta, you can download the browser from the Beauty of the Web site, a site that Microsoft specifically set up to showcase IE9’s capabilities. Alternatively you can get the browser in your native language by clicking here.
In the aforementioned security advisory, Microsoft explains that the vulnerability that plagues IE6, IE7 and IE8 “exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”
To have his machine compromised, the user would have to visit a website that hosts malicious code that exploits the IE vulnerability. The bad news is that Microsoft is aware of targeted attacks that attempt to exploit this vulnerability and compromise the user’s machine. The good news is that the impact of this vulnerability is extremely limited, as Senior Security Communications Manager Lead with the MSRC (Microsoft Security Response Center), Jerry Bryant said.
“As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers,” said Bryant. “The exploit code was discovered on a single website which is no longer hosting the malicious code. When a website is discovered to host malicious software, we work through legal channels to take the site down. These kinds of attempts to exploit systems and the people using technology are the activity of criminals. Microsoft takes this very seriously and where possible, we will take legal action against those responsible.”
IE9 Beta users will be glad to know that this IE version is not affected. If you’re thinking about switching to IE9, here are the new features you’ll get:
- IE9 Beta comes with a fresh new UI (user interface) that, as Microsoft’s Corporate Vice President for Internet Explorer, Dean Hachamovitch said, is meant to put the focus on the site, not the browser.
- You can pin websites to the Windows 7 taskbar
- The New Tab Page displays the sites you visit most often (like Opera's Speed Dial)
- All notifications are displayed at the bottom of the page
- Tear-off tabs feature that allows you to snap pages side-by-side using Windows Aero Snap
- Tabs that are related are color coded
- Add-on Performance Advisor identifies add-ons that may be slowing down your browser
- IE9 Beta has a new, faster JavaScript engine
- IE9 Beta provides support for HTML5.
The first Beta version of Internet Explorer 9 (IE9 Beta) became available for download on the 15th of September. A few days later Group Product Planer with Microsoft Roger Capriotti announced that in the first 2 days following the release of IE9, more than 2 million people downloaded the browser. A few weeks later Senior Director with Internet Explorer Business and Marketing, Ryan Gavin, announced that by October 1, IE9 Beta was downloaded more than 6 million times.
If you would like to get IE9 Beta, you can download the browser from the Beauty of the Web site, a site that Microsoft specifically set up to showcase IE9’s capabilities. Alternatively you can get the browser in your native language by clicking here.
