Microsoft warning over browser security flaw

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • DVTimes
    xxx
    • Jun 2003
    • 31658

    #1

    Microsoft warning over browser security flaw

    http://www.bbc.co.uk/news/technology-12325139

    Microsoft has issued a "critical" warning over a newly-discovered flaw in Windows.

    In a security advisory, the company warned of a loophole that could be used by malicious hackers to steal private information or hijack computers.

    The bug potentially affects every user of the Internet Explorer web browser - around 900 million people worldwide.

    Microsoft has issued a software patch to defend against attacks, and said it was working to develop a long-term fix.

    The security advisory, which was published on Friday, details how the vulnerability can be used to manipulate users and take over their machines.

    Although the flaw is actually inside Windows itself, it only appears to affect the way that Internet Explorer handles some web pages and documents.

    Microsoft admitted that the problem meant users could easily be fooled into downloading malicious files by doing something as simple as clicking on a web link.

    "When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session," wrote Microsoft representative Angela Gunn in a website announcement accompanying the advisory.

    Once the computer had been hijacked, hackers could use it to steal personal data or send users to fake websites, she added.

    "Such a script might collect user information, e.g e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience."

    Although Microsoft said it had seen no evidence that the glitch had already been exploited by hackers, it warned that research had shown it was a serious threat.

    And while it has not been able to remove the bug itself, it issued a "fix it" security patch to block any attempts to use it.

    All Windows users - particularly those who use Internet Explorer - are being urged to download the fix while the company's security team develop a way to plug the hole permanently.
    XXX
  • u-Bob
    there's no $$$ in porn
    • Jul 2005
    • 33063

    #2
    Reminds me of the old days:

    [email protected] wrote "Visiting malicious web sites is not real exploit scenario"

    Comment

    • SmokeyTheBear
      ►SouthOfHeaven
      • Jun 2004
      • 28609

      #3
      i have seen it being used in the wild for the last 2 weeks
      hatisblack at yahoo.com

      Comment

      Working...