Microsoft IE Vulnerability Leaves 900 Million at Risk

Tuesday, February 01, 2011



Microsoft announced they are preparing both short and long term solutions to a vulnerability in Internet Explorer that leaves as many as 900 million users susceptible to hackers.

Microsoft issued a security advisory last week alerting users to a scripting vulnerability that affects all versions of the Windows operating system.

The flaw could allow attackers to inject code designed to trigger maliware in order to harvest private information such as email passwords, as well as redirect users to spoofed websites.

The vulnerability resides in the MHTML protocol used to render some documents when running applications in Windows.

“The main impact of the vulnerability is unintended information disclosure. We're aware of published information and proof-of-concept code that attempts to exploit this vulnerability, but we haven't seen any indications of active exploitation," Angela Gunn, a Microsoft representative told online technology site Tech Eye.

“The workaround we are recommending customers apply locks down the MHTML protocol and effectively addresses the issue on the client system where it exists. We are providing a Microsoft Fix-it package to further automate installation,” Gunn said.

Microsoft believes there have been no incidents of exploitation of the flaw to date, and is notifying other service providers of the vulnerability which may affect third-party websites.

The company recommends users visit the Microsoft Security Response Center to track progress on the patch and other mitigation efforts.


Possibly Related Articles:
XSS Microsoft Privacy Vulnerabilities Headlines Internet Explorer Malicious Code MHTML
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked