Late last week, researchers from a Chinese company called Qihoo 360 disclosed a new zero day Internet Explorer (IE) vulnerability. According to their report, attackers can exploit the flaw by sending you a Word document with specially embedded content. If you open such a document, it may execute code on your computer with your privileges. At the time of the video, Microsoft hadn’t responded to this report. Nonetheless, watch the video below for advice on how to mitigate this sort of attack until they do release a patch.
Episode Runtime: 2:27
Direct YouTube Link: https://www.youtube.com/watch?v=p3HT8gj0DzA
- Qihoo 360 discloses a new Internet Explorer 0day – ZDNet
- Nice summary of the issue by Bleeping Computer – Bleeping Computer
- Chinese researchers blog post on the IE 0day (translation required) – Weibo
—Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply