Microsoft probing new hole in IE security

Feb 03, 2010
Attendees try an interactive display at the Microsoft booth at the 2010 International Consumer Electronics Show, in January 2010 in Las Vegas, Nevada. Fresh from patching an Internet Explorer (IE) flaw exploited in cyberattacks on Google and other firms, Microsoft is looking into a newly exposed vulnerability in the browser software.

Fresh from patching an Internet Explorer (IE) flaw exploited in cyberattacks on Google and other firms, Microsoft is looking into a newly exposed vulnerability in the browser software.

"Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer," Microsoft Trustworthy Computing group manager Dave Forstrom told AFP on Wednesday.

"We're currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to responsible disclosure."

The IE flaw is unrelated to cyberattacks disclosed by Google and only poses a threat to computers running on the US software giant's Windows XP computer operating system, according to Microsoft.

A computer defense firm that alerted Microsoft to the IE flaw presented "proof-of-concept" code Wednesday at a Black Hat technology security conference in Washington, D.C.

The demonstration revealed "an information disclosure vulnerability" in IE browsers run on XP or other operating systems if IE Protected Mode is disabled, according to senior security communications manager Jerry Bryant.

"People running IE 7 or 8 in default configurations on Windows Vista or later operating systems are not vulnerable to this issue as they benefit from Protected Mode," said Bryant.

The software giant issued a security advisory warning of the danger and recommending XP users enable a "Network Protocol Lockdown" feature and IE software be set to "Protected Mode."

Users were advised to upgrade to Microsoft's new Windows 7 operating system and the latest browser, IE 8, which feature significant safeguards against hackers.

"Once we're done investigating, we will take appropriate action to help protect customers," Forstrom said.

"This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."

Microsoft only veers from its usual protocol of releasing security updates the second Tuesday of each month when it deems fixes urgent.

Two weeks ago, Microsoft released an out-of-cycle patch for an IE 6 software hole through which China-based cyber spies attacked Google and other firms.

Microsoft has confirmed that the previously unknown security vulnerability in its IE 6 browser was used in cyberattacks which prompted Google to threaten to shut down its operations in China.

Revealing the attacks on January 12, Google said they originated from China and targeted the email accounts of Chinese human rights activists around the world. The company did not explicitly accuse the Chinese government of responsibility.

Web security firm McAfee Inc. said that the attacks on Google and other companies showed a level of sophistication beyond that of cyber criminals and more typical of a nation-state.

Attackers used email or some other lure to get employees of a targeted company to click on a link and visit a specially crafted website using Internet Explorer.

Malicious software would then be downloaded that has the capability to essentially install "back doors" in machines and give hackers access.

Explore further: Android gains in US, basic phones almost extinct

add to favorites email to friend print save as pdf

Related Stories

Microsoft fixes browser flaw used in Google breach

Jan 21, 2010

(AP) -- Microsoft Corp. took the unsual step of issuing an unscheduled fix Thursday for security holes in its Internet Explorer browser that played a role in the recent computer attacks that led Google to threaten to leave ...

Internet Explorer a champ but Chrome a contender

Feb 02, 2010

Microsoft's latest version of Internet Explorer (IE) is a hit but Google's Chrome has been steadily gaining ground on the Web browsing software, according to industry figures released Tuesday.

Recommended for you

Android gains in US, basic phones almost extinct

3 hours ago

The Google Android platform grabbed the majority of mobile phones in the US market in early 2014, as consumers all but abandoned non-smartphone handsets, a survey showed Friday.

Hackathon team's GoogolPlex gives Siri extra powers

Apr 17, 2014

(Phys.org) —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Microsoft CEO is driving data-culture mindset

Apr 16, 2014

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

User comments : 0

More news stories

LinkedIn membership hits 300 million

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Treating depression in Parkinson's patients

A group of scientists from the University of Kentucky College of Medicine and the Sanders-Brown Center on Aging has found interesting new information in a study on depression and neuropsychological function in Parkinson's ...