Major security flaw in Internet Explorer


16 Dec 2008

Microsoft has warned users of Internet Explorer (IE) 7 that hackers have been attacking a vulnerability in the current version of the web browser that, in a worst-case scenario, could potentially lead to remote takeover of their computer – and the threat is rising rapidly.

Basically, a vulnerability in the browser has left it, according to Microsoft, ‘exploitable’, while the older IE 6 and Beta 2 version of IE 8 are also potentially vulnerable.

On Microsoft’s Threat Research & Response blog, authors Ziv Mador and Tareq Saade said that “a significant number of users have been affected” by the vulnerability, with an increase of over 50pc in the number of reported attacks since Sunday, 13 December.

“Based on our stats, since the vulnerability has gone public, roughly 0.2pc of users worldwide may have been exposed to websites containing exploits of this latest vulnerability.”

Microsoft is also warning that the new exploits for IE 7 are being hosted on pornography sites.

“Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory. Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability,” Microsoft said in an official statement.

The workarounds advised by Microsoft are: enable a firewall, apply all software updates and install antivirus and anti-spyware software. Further information on securing your computer is available at www.microsoft.com/protect/.

By Marie Boran