Microsoft has recently detected some vulnerability in all versions of the Internet Explorer browser. Thus Microsoft has warned people of this new publicly-disclosed vulnerability. This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process.
What Microsoft has to say about the cause?
The Metasploit project recently published an exploit for this vulnerability using a known technique to evade ASLR (Address Space Layout Randomization) and bypass DEP (Data Execution Prevention).
That means, the risks are because of the creation of uninitialized memory during a CSS function within Internet Explorer which can be exploited by the attackers for the remote code execution.
How to safeguard?
As of now, there is no fix developed by Microsoft to protect the browser but what users can do is install the EMET to minimize the risk and protect the iexplore process.
[Read full story here]