Send tip

Category: Tech

Malicious CSS Codes Threaten Internet Explorer

Written on December 30, 2010 by B Waldorf

6 persons

"Investigating new, public reports of a vulnerability in all supported versions of Internet Explorer, and on completion of this investigation, Microsoft will take the appropriate action to protect our customers." - Microsoft

has just issued a warning about an un-patched zero-day vulnerability of their which leaves Windows open to attacks.¬†The case, which was discussed in Microsoft’s Security Advisory 2488013, relates to ’s handling of malicious Cascading Style Sheet (CSS) code. This can be exploited to overwrite uninitialized memory and execute arbitrary code.

The flaw can be exploited via remotely run code under the account of the user by simply visiting a CSS webpage that contains the malicious code.¬†Unfortunately, there is no fix yet, although Microsoft reports that they’re investigating the issue.

Here’s their quote on the matter:

“Investigating new, public reports of a vulnerability in all supported versions of Explorer, and on completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”

In the meantime, it is advised for users to run in a Protected Mode and ensure that their user account is not configured as system administration. This will limit the rights view sites that might contain the malicious code.

Although Microsoft claims to be ‘unaware of any active exploitation of this vulnerability,’ it neither confirms nor deny that the flaw is of public knowledge.

View Article Source »
Share

Related articles


Featured


View all