Microsoft warns of Internet Explorer vulnerability

It feels like we’ve only just got our heads around the last security vulnerability in Internet Explorer (the one used in “Operation Aurora”), and now here comes another one.

A security advisory published by Microsoft warns of a vulnerability in multiple versions of Internet Explorer, the world’s most popular browser, which could lead to information disclosure.

The flaw was demonstrated at the recent Black Hat conference in Washington DC by security consultant Jorge Luis Alvarez Medina, who showed that exploiting the vulnerability allowed him to examine the contents of every file on a user’s computer.

Internet ExplorerMicrosoft says the group of users at highest risk are those Internet Explorer users still running Windows XP or who have turned off the browser’s Protected Mode feature.

Of course it would be bad news if malicious hackers took advantage of this flaw, as there is no patch yet available from Microsoft. It remains to be seen how quickly Microsoft can roll-out a proper fix for the problem, but hopefully it will be sooner rather than later as it does sound as though the vulnerability is trivial to exploit.

Much more detail can be found in Microsoft’s advisory – go check it out before any hackers try to exploit this flaw.