Computer Crime Research Center


Computer security: Microsoft Internet Exlporer again exposed

Date: December 01, 2005
Source: PC Pro

Microsoft is warning customers that it knows of malicious software being used to exploit a security hole in Internet Explorer, which is as yet unpatched.

Stephen Toulouse from Microsoft's Security Response Center posted on the company blog that 'I wanted to go ahead and let you know some breaking information. We've been made aware that there has been some malicious software exploiting the recently publicly disclosed Internet Explorer vulnerability ... you can visit Windows Live Safety Center if you think you might be infected as a result of this vulnerability. We encourage you to use the Complete Scan option to check for and remove this malicious software. Know that the IE team is hard at work on an update, and we will continue to investigate these public reports.'

The vulnerability was first announced in May, but recently proof of concept code was made available that demonstrated how the security flaw could be exploited via JavaScript functions to feed in and execute malicious code remotely.

In order to do this successfully, an attacker would have to persuade a victim to visit a malicious website, but despite this slight mitigation, the risk posed by the problem has consequently escalated. Secunia now rates it as 'Extremely critical' - its highest warning level.

The vulnerability affects pretty much every version of Windows, from 98 to XP SP2, and potentially Windows Server 2003 systems if the 'Enhanced Security Configuration' option has been turned off (although by default it is enabled).
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2007-02-26 03:14:36 - The information I found here was rather... uomo
2007-02-22 10:54:52 - Nice site you have!... dizionario
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo