The vulnerability is exposed when MSXML accesses an object in memory that has not been initiated, leading to memory corruption such that an attacker could execute arbitrary code in the context of logged-in user.
Albeit, the vulnerability can only be exploited if a user visits an infected web site, the likelihood of users been tricked into visiting such sites is very high, given the rampage of social networking, emails and other messaging platforms whereby such phishing can be perpetrated.
The Patch Tuesday, however have afforded a temporary fix, now available for download on Microsoft Support website, Technet.
IE is perhaps saddled with history of security flaws, which were also responsible for the earlier Gmail hacks originating from China. And coupled with the current trends of state-sponsored cyber attacks, Google had recently launched a notification service to alert users of suspicious activities on their accounts.
Microsoft, indeed must have to work-out a thorough security system for its browser, Internet Explorer, in view of the growing browser wars.
Sign up here with your email