Danger! Internet Explorer zero-day vulnerability – no patch yet

Graham Cluley
Graham Cluley
@[email protected]

Danger zone
Microsoft has released a security advisory about a previously unknown vulnerability in versions of Internet Explorer. There is currently no patch for the vulnerability which is being blamed, in part, for the high-profile attacks against Google, Adobe and other companies.

Microsoft has published some mitigation advice and workarounds which can reportedly help block attack vectors, but at the time of writing there is no official patch available.

There has been much speculation in the computer security industry (including some from myself!) that an Adobe PDF vulnerability could have been the route through which hackers delivered malware into Google and Adobe’s systems. Certainly we have seen a significant rise in the last year of targeted attacks exploiting vulnerabilities in Adobe’s code.

But researchers close to the Google/Adobe hacking investigation say that they have found no evidence so far of the attack exploiting Adobe’s software in this way. Indeed, a statement posted yesterday on Adobe’s blog confirms this.

Sign up to our free newsletter.
Security news, advice, and tips.

So, right now, Microsoft Internet Explorer is being looked at with suspicion. And as the world’s most popular internet browser it’s obviously a serious cause for concern that an unpatched vulnerability that allows remote code execution exists that is being actively exploited by cybercriminals.

System administrators and computer owners around the world will be holding their breath that an official patch from Microsoft arrives sooner rather than later. In the meantime, Microsoft is recommending that Internet Explorer users use Data Execution Prevention (DEP) – a technology that is enabled in Internet Explorer by default but needs to be turned on in earlier versions.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.