Microsoft Investigating New Vulnerability in Internet Explorer

The Microsoft Security Response Center warned on February 26, 2010 that an unpatched security flaw in VBScript could be exploited to execute malware on the systems of users running Internet Explorer 6, 7 and 8.

Maurycy Prodeus, a Polish security analyst at iSEC Security Research, first discovered the flaw, as reported by Tom's Guide on March 1, 2010.

The flaw combines Microsoft's Windows Help files with Visual Basic scripts to manipulate Internet Explorer. In an attack, Microsoft said, victims are enticed to visit a malicious website that shows a specially crafted dialog box. The box instructs visitors to press F1 on the keyboard, and doing so leads to malware being loaded onto the visitor's system. Normally, pressing F1 opens the help function.

The security experts explain that winhlp32.exe can be invoked from IE, which may result in the execution of remote code.

According to Microsoft, Windows Help files are classified as unsafe files: they can perform automated actions as part of their normal use. Although these files are very helpful productivity-wise, attackers can also use them to compromise a system.

However, the security flaw doesn't affect Windows 7, Vista or Server 2008. Moreover, the problem is less severe on Windows Server 2003, where IE Enhanced Security Configuration is enabled by default. So far, no reports have come in of attacks abusing the flaw.

Meanwhile, Microsoft has issued a Windows advisory on the problem. It says that users shouldn't press the F1 key when a website prompts them to do so, and that they should avoid using the Windows Help System. The Internet and Local Intranet security zones should be set to "High" so that Active Scripting and ActiveX Controls are blocked. Alternatively, IE should be configured to prompt before running Active Scripting, or Active Scripting should be disabled, in both the Internet and Local Intranet zones.
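The zone settings the advisory describes live in per-user registry values that can be audited and changed without clicking through the IE dialogs. The following PowerShell script is an added example, not code from the article or from Microsoft's advisory; it reports the current Active Scripting and ActiveX state for the Internet (zone 3) and Local Intranet (zone 1) zones and, with `-Harden`, applies the "prompt before Active Scripting, block ActiveX" workaround. The registry value names (1200, 1400) and data values (0/1/3) are the documented IE zone settings; the script name `Audit-IEZones.ps1` is an assumption.

```powershell
# Added example (not from the article or advisory): audit, and optionally
# harden, the IE zone settings the workaround above relies on.
# Value 1200 = "Run ActiveX controls and plug-ins", 1400 = "Active scripting".
# Data 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Harden)   # default is report-only

$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = @{ 1 = 'Local Intranet'; 3 = 'Internet' }
$Settings = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$Label    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IEZoneSetting {
    param([int]$Zone, [string]$Value)
    $key  = Join-Path $ZoneRoot $Zone
    $item = Get-ItemProperty -Path $key -Name $Value -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value absent: zone template default applies
    return [int]$item.$Value
}

function Set-IEZoneSetting {
    param([int]$Zone, [string]$Value, [int]$Data)
    $key = Join-Path $ZoneRoot $Zone
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $Value -Value $Data -Type DWord
}

foreach ($zone in ($Zones.Keys | Sort-Object)) {
    foreach ($value in ($Settings.Keys | Sort-Object)) {
        $current = Get-IEZoneSetting -Zone $zone -Value $value
        # Advisory workaround: Active scripting -> Prompt (1), ActiveX -> Disable (3)
        $desired = if ($value -eq '1400') { 1 } else { 3 }
        $state   = if ($null -eq $current) { 'not set (zone default)' } else { $Label[$current] }
        '{0,-15} {1,-35} current: {2}' -f $Zones[$zone], $Settings[$value], $state

        if ($Harden -and $current -ne $desired) {
            Set-IEZoneSetting -Zone $zone -Value $value -Data $desired
            "    -> set to $($Label[$desired])"
        }
    }
}
```

Run `.\Audit-IEZones.ps1` to see the current state and `.\Audit-IEZones.ps1 -Harden` to apply the prompt/disable settings for the current user. A missing value means the zone's default template is in effect, and settings pushed by Group Policy (under the HKLM and HKCU `Policies` hives) take precedence over these per-user values, so an enterprise deployment should use policy rather than this script.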

According to the security experts, Windows XP users may want to use an alternative browser, since IE is heavily targeted by malware attacks.

» SPAMfighter News - 05-03-2010
