Microsoft has released an emergency fix for Internet Explorer, a vulnerability exploited by hackers on the Internet to break into computers which has been fixed. Error is in the older versions of the browser, the latest IE 10 is not affected by the problem. According to the company, the problem is fixed in the code of Internet Explorer 6, 7 and 8.
Anti-virus company Symantec said that there already is a wave of attacks that exploit the vulnerability. In an attack, the attacker tried to upload Bitfrose on the attacked computers, the first samples of which appeared in 2004. Bitfrose – is a backdoor that allows the hacker to steal from your computer the various data. Now most of the attacks with Bitfrose concentrated in the United States.
Hackers exploit originally posted on the website of the American non-partisan organization Council on Foreign Relations (Council on Foreign Relations) in New York and Washington. So, last Friday the company FireEye reported that the site was compromised and the CFR in its code, which in closed forums has been fixed on December 21. Code itself initiates an attack like drive-by. Darren Kindlund, Senior Research FireEye says CFR site uses Flash Player with a special code embedded in the video.
On Saturday, the company AlientVault specified that the code is able to bypass the proprietary technology of Microsoft DEP (data execution prevention) and ASLR (address space layout randomization), to successfully attack Windows XP and Windows 7.