Hackers have latched onto a vulnerability in Internet Explorer patched by Microsoft last week as a useful way to spread malware.
The security bug stems from memory mismanagement in Internet Explorer, or more particularly a use-after-free bug. Technologies built into the latest versions of Windows – including DEP (data execution prevention) and ASLR (address-space layout randomisation) – are meant to make this sort of attack harder but have both come up short in this instance.
'Net users are advised to patch Windows systems to defend against the exploit, if they haven't done so already. A good write-up of the vulnerability can be found in a blog post by Sophos here.
The flaw in IE is unrelated to the a browser bug associated with news of "state-sponsored attackers" and Google that made the news last week. ®