Microsoft Corp is scrambling to resolve a new zero-day vulnerability in its widely used Internet Explorer web browser from version 6 to the current Internet Explorer 11. The remote code execution vulnerability can allow a hacker to execute code or access objects in memory that have been deleted.
Heartbleed has resided in production versions of OpenSSL for more than two years, which made it possible for attackers to recover the private encryption key at the heart of digital certificates. The attack leaves no traces in the server logs, so there's no way of knowing if the bug was actively being exploited.
In an unexpected move, Microsoft also updated Internet Explorer versions 6, 7, and 8 on Windows XP machines. Although Windows XP was retired on April 8, 2014, Microsoft acknowledged with a blog post its decision to provide XP customers with this patch.
Today is Tax Day! The IRS was not affected by Heartbleed (unlike the Canadian Revenue Agency). Check out my latest Tech Blog Article on +PennLive.com and share your thoughts with me here or on the article.
The Internal Revenue Service has stated that “The IRS continues to accept tax returns as normal. Our systems continue operating and are not affected by this bug, and we are not aware of any security vulnerabilities related to this situation.” They also advise taxpayers to continue filing their tax returns normally in advance of the April 15 deadline.