The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Update 2014-05-01: Microsoft has released security update MS14-021 to fix the flaw. Get it by running Microsoft Update now.
In other words, if you visit a website designed to take advantage of the vulnerability, it could run code within IE that gives the attacker control of the victim’s computer.
Related: “Why use a standard user account instead of an administrator account?”
There is no patch yet, but you can avoid the flaw by not clicking suspicious links on websites or in emails. Also, ensure you are logged into your computer as a standard user, not an administrator. An attacker can do less damage if your account does not have administrative permissions. Better yet, don’t use IE until Microsoft issues a patch. Use Chrome, Firefox, or Safari instead.
Fortunately, Lawyerist users are a tech-savvy bunch compared to the Internet at large. Only about 16% of our visitors are using Internet Explorer. According to NetMarketShare’s data, about 26% of Internet users are still on IE.
Zero day means you will not have advance warning of an attack.