Microsoft warns about flaw that makes hacking easier
December 26th, 2010 - 1:05 pm ICT by IANSLondon, Dec 26 (IANS) Microsoft has warned about a flaw on the Internet Explorer browser that could allow hackers to take control of unprotected computers.The bug allows hackers to inject malware onto any system if they manage to trick users into visiting booby-trapped websites. Anyone with Internet Explorer (IE) 6 to 8 is potentially affected.
The code to exploit the bug has already been published. The computer giant said there was no evidence it was being used yet by criminals but they were “investigating” and working on a permanent fix, reports the Daily Mail.
Dave Forstrom, director of Microsoft’s Trustworthy Computing group, said: “We’re currently unaware of any attacks trying to use the claimed vulnerability or of customer impact.”
The bug targets how the browser manages a computer’s memory when it is processing Cascade Style Sheets - which are design instructions that determine how most web pages look.
Hackers can inject their own code into the stream of instructions and in this way hijack the PC. Although Microsoft has improved how memory management is protected, it does not work when some older parts of Windows are called on.
The bug first came to light on the seclists.org full disclosure mailing list earlier this month.
Rik Ferguson, security analyst at Trendo Micro, told the BBC: “As vulnerabilities go, this kind is the most serious as it allows remote execution of code.
“This means the attacker can run programmes, such as malware, directly on the victim’s computer.”
“It is highly reminiscent of a vulnerability at the same time two years ago which prompted several national governments to warn against using IE and to switch to an alternative browser.”
- Users at risk of IE bug, warns Microsoft - Dec 24, 2010
- Microsoft announces automatic upgrades for Internet Explorer - Dec 16, 2011
- Microsoft web browser faces security risk - Feb 01, 2011
- Chinese used 'flaws' in Microsoft explorer to hack Google - Jan 16, 2010
- 900m Internet Explorer users at risk as Microsoft warns of security flaw - Feb 01, 2011
- BLADE software eliminates threats of 'drive-by downloads' from Internet - Oct 07, 2010
- Microsoft issues emergency patch for Internet Explorer - Dec 18, 2008
- How hackers can 'snoop on private web sessions too' - Jul 26, 2010
- MP3 can cost you your car - Mar 17, 2011
- The IE9 Beta gets launched - Sep 21, 2010
- One in 10 computers vulnerable to cyber attack - Jul 23, 2010
- Google Resolves Several Problems For Chrome In New Version - Aug 22, 2010
- Russian internet users double - Sep 24, 2011
- Adult sites use bug to track user's browsing history - Dec 03, 2010
- Google's Chrome browser focuses on speed, not extras - Dec 21, 2009
Tags: attacker, bbc, cascade style sheets, computer giant, computing group, customer impact, daily mail, ferguson, full disclosure, hackers, ie 6, internet explorer browser, mail dave, memory management, national governments, security analyst, trendo micro, trustworthy computing, unprotected computers, vulnerability