Microsoft shared details of workarounds that Windows users can implement to protect themselves against exploits targeting a new zero-day vulnerability which allows attackers to steal information from users.

The company confirmed reports of the newly discovered Windows security hole, as well as the fact that both published information and proof-of-concept code made their way into the wild.

According to the software giant, the flaw resides in the MHTML (MIME Encapsulation of Aggregate HTML). Applications such as Internet Explorer leverage MHTML to interpret MIME-formatted requests for content blocks within certain documents that need to be rendered. More »

Microsoft has confirmed a zero-day vulnerability affecting all supported versions of Internet Explorer, including IE8, IE7 and IE6.

The Redmond company explains that the security flaw involves the creation of uninitialized memory during a CSS function within the browser.

“It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution,” the software giant informed.

Given the fact that successful exploits against this vulnerability can allow for remote code execution, and attacker could potentially take over a victim’s computer.

However, Dave Forstrom, Director, Trustworthy Computing, Microsoft denied that this has happened yet. More »