Late Saturday Microsoft revealed a vulnerability in all versions of Internet Explorer that is being used in “limited, targeted attacks.” They are investigating the vulnerability and exploit and have not yet determined what action they will take in response or when. All versions of Internet Explorer from 6 through 11 are listed as vulnerable as well as all supported versions of Windows other than Server Core. Windows Server versions on which IE is run in the default Enhanced Security Configuration are not vulnerable unless an affected site is placed in the Internet Explorer Trusted sites zone. The vulnerability was reported to Microsoft by research firm FireEye. FireEye says that, while the vulnerability affects all versions of IE, the attack is specific to versions 9, 10 and 11. It is a “use…

Continue reading:

Microsoft discloses zero day in all versions of Internet Explorer


Also published on Medium.