Critical security flaw threatens Internet Explorer

Exploit code for a new critical flaw in Microsoft’s Internet Explorer is now circulating on the internet, which allows remote attackers to take over users’ PCs.

Exploit code for a new critical flaw in Microsoft’s Internet Explorer is now circulating on the internet, which allows remote attackers to take over users’ PCs.

The flaw affects versions 5.5 and 6 of Internet Explorer and Microsoft has no patch for the vulnerability.

The security hole is related to the way the browser handles Javascript code, which leaves users vulnerable to their machines being taken over by remote attackers simply by visiting a malicious website.

No further user interaction is needed to set off the attack, so under the terms of Microsoft’s definition of threats the flaw can be deemed as critical.

The flaw affects both the Windows 2000 and XP operating systems, including those XP systems running the Service Pack 2 security bundle.

Both internet security firm Secunia and the SANS security institute have reported warnings about the threat, which has existed for around six months.

Until now it was thought the flaw could only be used to potentially set off a denial-of-service attack on a network, which is regarded as a less serious threat in the industry.

The fact that the vulnerability can now be used to completely take over machines means the industry now expects Microsoft to quickly deal with the problem.

Microsoft said it was looking at the threat and considering whether to issue an immediate patch or bundle one as part of next month’s scheduled patching cycle.

The company is already considering whether to issue a patch for another different Windows flaw which allows attackers to launch a denial-of-service attack and crash networks.

As for the newly discovered threat, the only current workaround for users is to either turn off Javascript support in their browsers or use a different browser.

Read more on Hackers and cybercrime prevention

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close