Send tip

Category: Tech

Microsoft Warns About IE Security Flaw

Written on February 01, 2011 by Japhet Writ

1 person

Uh-oh! Microsoft's IE just got another zero-day hole from their enemies. If something's weird happening on your webpage, then you might be a victim.

After a publication of an attack code for a zero-day vulnerability, has issued a warning for its users. Akin to a server-side cross-site scripting (XSS) vulnerabilities, the flaw enables the attacker to run codes when a malicious webpage is loaded in the same security context as . It exists due to MHTML’s manner of interpreting some MIME-format requests for document portions.

That said, an attacker can inject a code by simply modifying the requests. That code will then cause a flaw that can spoof a webpage content, disclose an information from the victim’s computer, and interact on sites without user-input. However, this vulnerability is not thought to be under active exploitation. Still, Microsoft admits that the attack code is publicly available.

The security flaw can affect all versions of Windows. But for Windows 7 and Windows Server 2008 R2 owners, the zero-day hole can be resolved by enabling the MHTML Lockdown Mode. Meanwhile, Microsoft is already working for a patch on this one.

View Article Source »
Share

Related articles


Featured


View all