Microsoft probing new hole in IE security

Feb 03, 2010
Attendees try an interactive display at the Microsoft booth at the 2010 International Consumer Electronics Show, in January 2010 in Las Vegas, Nevada.

Fresh from patching an Internet Explorer (IE) flaw exploited in cyberattacks on Google and other firms, Microsoft is looking into a newly exposed vulnerability in the browser software.

"Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer," Microsoft Trustworthy Computing group manager Dave Forstrom told AFP on Wednesday.

"We're currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to responsible disclosure."

The IE flaw is unrelated to cyberattacks disclosed by Google and only poses a threat to computers running the US software giant's Windows XP operating system, according to Microsoft.

A computer defense firm that alerted Microsoft to the IE flaw presented "proof-of-concept" code Wednesday at a Black Hat technology security conference in Washington, D.C.

The demonstration revealed "an information disclosure vulnerability" in IE browsers run on XP or other operating systems if IE Protected Mode is disabled, according to senior security communications manager Jerry Bryant.

"People running IE 7 or 8 in default configurations on Windows Vista or later operating systems are not vulnerable to this issue as they benefit from Protected Mode," said Bryant.

The software giant issued a security advisory warning of the danger and recommending that XP users enable a "Network Protocol Lockdown" feature and that IE be set to "Protected Mode."

Users were advised to upgrade to Microsoft's new Windows 7 operating system and the latest browser, IE 8, which feature significant safeguards against hackers.

"Once we're done investigating, we will take appropriate action to help protect customers," Forstrom said.

"This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."

Microsoft only veers from its usual protocol of releasing security updates on the second Tuesday of each month when it deems fixes urgent.

Two weeks ago, Microsoft released an out-of-cycle patch for an IE 6 software hole through which China-based cyber spies attacked Google and other firms.

Microsoft has confirmed that the previously unknown security vulnerability in its IE 6 browser was used in cyberattacks which prompted Google to threaten to shut down its operations in China.

Revealing the attacks on January 12, Google said they originated from China and targeted the email accounts of Chinese human rights activists around the world. The company did not explicitly accuse the Chinese government of responsibility.

Web security firm McAfee Inc. said that the attacks on Google and other companies showed a level of sophistication beyond that of cyber criminals and more typical of a nation-state.

Attackers used email or some other lure to get employees of a targeted company to click on a link and visit a specially crafted website using Internet Explorer.

Malicious software capable of essentially installing "back doors" in machines and giving hackers access would then be downloaded.
