Computer security: Microsoft Internet Exlporer again exposed
Date: December 01, 2005Source: PC Pro
Microsoft is warning customers that it knows of malicious software being used to exploit a security hole in Internet Explorer, which is as yet unpatched.
Stephen Toulouse from Microsoft's Security Response Center posted on the company blog that 'I wanted to go ahead and let you know some breaking information. We've been made aware that there has been some malicious software exploiting the recently publicly disclosed Internet Explorer vulnerability ... you can visit Windows Live Safety Center if you think you might be infected as a result of this vulnerability. We encourage you to use the Complete Scan option to check for and remove this malicious software. Know that the IE team is hard at work on an update, and we will continue to investigate these public reports.'
The vulnerability was first announced in May, but recently proof of concept code was made available that demonstrated how the security flaw could be exploited via JavaScript functions to feed in and execute malicious code remotely.
In order to do this successfully, an attacker would have to persuade a victim to visit a malicious website, but despite this slight mitigation, the risk posed by the problem has consequently escalated. Secunia now rates it as 'Extremely critical' - its highest warning level.
The vulnerability affects pretty much every version of Windows, from 98 to XP SP2, and potentially Windows Server 2003 systems if the 'Enhanced Security Configuration' option has been turned off (although by default it is enabled).
Add comment
Email to a Friend
| Discussion is closed - view comments archieve |
| 2007-02-26 03:14:36 - The information I found here was rather... uomo |
| 2007-02-22 10:54:52 - Nice site you have!... dizionario |
| Total 2 comments |
