Microsoft Cautions About IE Vulnerability
Microsoft the US-based software giant is cautioning users that its Internet Explorer Web-browser has a serious security flaw, which can let hackers compromise a vulnerable PC and acquire full control over it.
According to an advisory from the company it's evident that the vulnerability has an association with certain CSS function within Internet Explorer. Further, it makes an impact on all of the browser's supported versions currently existing within Windows Vista, XP, 7, Server 2008 R2, Server 2008, Server 2003, and IE 8, 7 and 6. Meanwhile, for taking control over a vulnerable computer, the attacker simply needs to make its operator access a contaminated website.
Also, the new exploit reportedly lets an attacker to actually convert the affected PC into a "zombie" for using it to contaminate other PCs. Alternatively it can be abused to load spyware or other malware on the system.
Said Senior Security Analyst Rik Ferguson at Trend Micro, the hacker could execute multiple codes on the affected PC. According to him, the attack was reminiscent about a flaw detected in 2008 that made governments of different countries embrace a different browser. Mirror.co.uk published this on December 24, 2010.
Researchers alerted that end-users must take heed if they were worried of ID-theft. The simplest method by which an attacker could acquire access to victims' data was doing so from a remote machine.
And once he compromised the target system, he could execute any program using the affected end-user's privileges. Therefore, ordinary users were better safeguarded while users having administrative rights less so.
Moreover, with Protected Mode of Windows 7 and Vista, hackers can have merely low access to compromised computers. But, Windows XP is devoid of such protection.
Unfortunately, a software patch is non-existent to fix the problem; however, Microsoft is on the task. According to the security experts, in case the company doesn't release and out-of-band update then expectedly a patch will be issued through the January 2011 Patch Tuesday.
Till then users have been advised to be careful about following web-links from unfamiliar sources and to deploy genuine security software towards maintaining their computers safe and sound.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 03-01-2011