Security Update for Internet Explorer
Report ID: MS201405001
Date Published: 2 May 2014
Compromise Type: remote-code-execution
Compromise From: remote
Internet Explorer 11
Internet Explorer 10
Internet Explorer 9
Internet Explorer 8
Internet Explorer 7
Internet Explorer 6
Microsoft has released a security update that addresses a critical vulnerability in versions 6 to 11 of the Internet Explorer web browser. There have been reports of targeted attacks against this vulnerability in the wild.
A vulnerability (CVE-2014-1776) in the way Internet Explorer accesses an object in memory that has been deleted or improperly allocated can corrupt the memory and allow an attacker to execute arbitrary code in Internet Explorer in the context of the current user.
Successful exploitation may gain the attacker the same user rights as the current user; if the user has full administrative privileges on the system, the attacker may gain complete control of the system.
Install the latest security patch for applicable systems, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms14-021)