Software maker Microsoft Corp has warned users of an Internet Explorer (IE) bug that could hack into computers and take control of unprotected computers. The software giant did say, however, that it does not appear hackers have begun using the exploit. Code to exploit the bug has already been published though Microsoft said it had no evidence it was currently being used by hi-tech criminals. The company said it is still working on a permanent solution to debug the IE.

Hackers and cyber criminals can exploit IE’s memory management to inject their own malicious code into the stream of instructions a computer processes as a browser is being used.

The technical advisory released by the company states that the vulnerability exists due to the creation of uninitialized memory during a Cascading Style Sheets function within Internet Explorer. The newly discovered bug was first disclosed by the IT security firm Vupen on December 9. A video demonstration of an attack was posted by researchers on Tuesday.
Meanwhile, Microsoft has also recommended the use of a protection system known as the Enhanced Mitigation Experience Toolkit (EMET). EMET 2.0 is a free download available from Microsoft’s site. Windows XP users may have to update the version of the operating system they are using while installing and applying the toolkit. However, some of the protection features that Windows 7 and Vista users enjoy will not be available to those using Windows XP.

Microsoft’s Forstrom did not set a patch date for the vulnerability, but said the company would take “appropriate action” once it had wrapped up its investigation. The next regularly-scheduled Patch Tuesday is Jan. 11, but because Microsoft usually updates the browser every other month and just did so last week, it’s possible the vulnerability won’t be addressed until February.

Via Silicon India