Microsoft Warns About IE Security Flaw
Uh-oh! Microsoft's IE just got another zero-day hole from their enemies. If something's weird happening on your webpage, then you might be a victim.
After a publication of an attack code for a zero-day vulnerability, Microsoft has issued a warning for its Windows users. Akin to a server-side cross-site scripting (XSS) vulnerabilities, the flaw enables the attacker to run codes when a malicious webpage is loaded in the same security context as Internet Explorer. It exists due to MHTML’s manner of interpreting some MIME-format requests for document portions.
That said, an attacker can inject a code by simply modifying the requests. That code will then cause a flaw that can spoof a webpage content, disclose an information from the victim’s computer, and interact on sites without user-input. However, this vulnerability is not thought to be under active exploitation. Still, Microsoft admits that the attack code is publicly available.
The security flaw can affect all versions of Windows. But for Windows 7 and Windows Server 2008 R2 owners, the zero-day hole can be resolved by enabling the MHTML Lockdown Mode. Meanwhile, Microsoft is already working for a patch on this one.View Article Source »