A 0day Vulnerability is Once Again Threatening All Versions of the IE Browser


On April 27th Beijing time, Microsoft's latest security notification reported a significant 0day vulnerability in the IE browser (CVE-2014-1776). The vulnerability can allow hackers to remotely attack users' computers and steal user data, bank account passwords, and other private information. It was first disclosed last Friday by FireEye researchers and was confirmed by Microsoft on Saturday. The vulnerability has an extremely wide impact: it affects all Microsoft IE browser versions (IE6, IE7, IE8, IE9, IE10, IE11).


According to Microsoft, the vulnerability exists because, when IE accesses some object, that object's memory has been deleted or improperly allocated. This corrupts memory and allows hackers to execute any code they wish in IE.


Current research shows that 55% of browser users use IE, which means all of them are at risk of being attacked by hackers. Microsoft released the patch for this 0day vulnerability at 10pm on 1st May. Customers can enable automatic updates to install the patch, or search for the patch manually. Although Microsoft announced that it would stop providing security updates and patches to Windows XP users on April 8th, the newly released patch still covers Windows XP, which indicates that this vulnerability does affect customers on a large scale.


In light of the current situation, the Baidu Antivirus Team suggests that users protect themselves against this vulnerability by using the methods below:


1)  Install the newly released patch for the 0day vulnerability immediately.

2)  Install Baidu Antivirus to protect against potential trojan attacks and continue to maintain the security of XP systems.
