New IE Remote Code Execution Vulnerability Discovered

An anonymous reader writes "Microsoft is investigating a new remote code execution vulnerability in Internet Explorer and preparing a security update for all supported versions of its browser (IE6, IE7, IE8, IE9, IE10, and IE11). The company has issued a security advisory in the meantime because it has confirmed reports that the issue is being exploited in a 'limited number of targeted attacks' specifically directed at IE8 and IE9."

Re:Internet Explorer 6?

[Anonymous Coward]

Even Microsoft sent flowers to the mock funerals [theregister.co.uk]. And now they're digging out the grave to patch a corpse?

You can be pretty sure they would rather not have to work on it, but they've committed to supporting it until Spring 2014.

They've made a rod for their own back with that one, but that's how it is.

The really exciting bit will be when IE6 support finally does come to an end. I'd be willing to bet there are people who've found expoits but are holding back from using them until then. My bet is that anyone still using IE6 on the day of the last security patch will be hacked into oblivion by the end of that week.

No sensational headlines?

[hAckz0r]

That because the threat has changed. Now it's about botnets and making a long term profit, not just scaring people senseless. If the botnet is not completely stealth then it is not successful, and dies an early death. The current set of botnets are almost military grade software, out there waiting for the highest bidders line of work. The problem has not gone away, its just gone underground where only the most talented admins can even find or track them.

.
Botnet Command and Control map:
https://www.shadowserver.org/wiki/pmwiki.php/Stats/BotnetMaps#botnet [shadowserver.org]