There is a vulnerability (flaw) which allows targeted attacks via Internet Explorer versions 6 through 11 to be made on MS Windows PC’s.
The attack seems complex to me and probably not easily made against the masses. The ultimate goal of an attacker would be to encourage a PC user to visit dangerous websites.
Microsoft plan to fix the problem with updates distributed in their normal way, i.e. monthly updates.
If you want to find out more you can visit ITPRO here. Some PC’s will be more vulnerable than others depending on what version of Windows is used and whether Outlook, Outlook Express or Windows Mail are viewing an HTML document.
Or you could visit Microsoft here and read Microsoft Security Advisory 2963983, Published: April 26, 2014.
WordPress Vulnerability Affecting Mobiles
I just want to pass on knowledge of this WordPress vulnerability affecting mobiles, detected by AVAST, whereby mobile device users are susceptible to redirection. They can be redirected to a malicious web site from WorbPress blogs where the blogger is using a plugin called OptimizePress. NOTE: I am not using that plugin in this blog.
Read all about it in this AVAST Blog Post published on 17th April 2014.
This is the malicious web site so I have not embedded a link to it — http://18.104.22.168.
For a week now it has been known that there is an IE9 Zero Day Vulnerability.
Get This Zero Day Vulnerability Fixed
Now Microsoft have published a fix which came to me today in the form of an update as follows (for Windows 7):
Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2744842)
Update type: Important
Security issues have been identified that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. After you install the update, you may have to restart your computer.
More information: http://go.microsoft.com/fwlink/?LinkId=255505
Help and Support: http://support.microsoft.com
Zero Day Vulnerabilities are those which have already been exploited by the time the software developer finds out about them.