Microsoft warns of Internet Explorer vulnerability

Filed Under: Data loss, Malware, Microsoft, Vulnerability

Critical
It feels like we've only just got our heads around the last security vulnerability in Internet Explorer (the one used in "Operation Aurora"), and now here comes another one.

A security advisory published by Microsoft warns of a vulnerability in multiple versions of Internet Explorer, the world's most popular browser, which could lead to information disclosure.

The flaw was demonstrated at the recent Black Hat conference in Washington DC by security consultant Jorge Luis Alvarez Medina, who showed that exploiting the vulnerability allowed him to examine the contents of every file on a user's computer.

Internet ExplorerMicrosoft says the group of users at highest risk are those Internet Explorer users still running Windows XP or who have turned off the browser's Protected Mode feature.

Of course it would be bad news if malicious hackers took advantage of this flaw, as there is no patch yet available from Microsoft. It remains to be seen how quickly Microsoft can roll-out a proper fix for the problem, but hopefully it will be sooner rather than later as it does sound as though the vulnerability is trivial to exploit.

Much more detail can be found in Microsoft's advisory - go check it out before any hackers try to exploit this flaw.

, ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.