Microsoft investigating new zero-day exploit

By on
Microsoft investigating new zero-day exploit

Microsoft has reacted quickly to a new vulnerability in Internet Explorer which could allow remote code execution.

Jerry Bryant, senior security communications manager at Microsoft, said in a blog post yesterday that the issue, which was posted at the end of last week, had no obvious exploits but could pose some problems.

"An issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop-up dialogue box," he said.

"We are not aware of any attacks seeking to exploit this issue at this time, and in the current state of our investigation we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008 and Windows Vista are not affected."

The issue concerns Windows Help files and VBScript, file types designed to invoke automatic actions during normal use.

"While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system," said Bryant.

Microsoft urged users to ensure that their security software is up to date and that they have a firewall in place.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
allow code exploit issue microsoft security software windows

Partner Content

Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back
Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes

Sponsored Whitepapers

Easing the burden of Microsoft CSP management
Easing the burden of Microsoft CSP management
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

Australian MSP Index launched

Australian MSP Index launched
Ingram Micro Ushers in the Age of Ultra

Ingram Micro Ushers in the Age of Ultra
Announcing Pipeline 2025 tickets, theme & initial speakers

Announcing Pipeline 2025 tickets, theme & initial speakers
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security

Log in

Email:
Password:
  |  Forgot your password?