Last week, we let you know about a zero-day flaw in IE10 that was reported by FireEye Labs. Full information about that reported vulnerability can be read here: IE10 Flaw Under Active Attack.
At the time, there was concern that the vulnerability may be present in other versions of Internet Explorer. During joint investigation between Microsoft and FireEye Labs, it was concluded that the exploit is also present in IE9.
I was contacted by Microsoft over the weekend and they gave the following statement of clarification:
"Microsoft is aware of limited, targeted attacks against Internet Explorer 10. Our initial investigation has revealed that Internet Explorer 9 and Internet Explorer 10 are affected. We will take the necessary steps to protect customers; meanwhile, we recommend customers upgrade to Internet Explorer 11 for added protection." – a Microsoft spokesperson
A fix will be available, eventually, but if you want to be protected immediately upgrade to IE11.
It's easy to blame Microsoft over the vulnerability, but consider that the flaw is actually how Adobe's Flash scripting language works with Internet Explorer. During the System Center Universe at the end of January, Secunia outlined how Windows itself is only a very small piece of security problems. The majority of security issues are caused by applications that run on top of Windows. These applications actually cause problems for Windows, opening holes into the operating system through poorly executed security development.
And, Adobe software remains some of the most unsecure code around. According to Secunia, Adobe takes the top spot as the leading vulnerability maker for Windows systems. It confounds me to this day how the software maker's wares are even allowed to exist.
