gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 26, 2024, 05:25:25 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Microsoft warns on IE browser bug
gfx
gfxgfx
 

Author Topic: Microsoft warns on IE browser bug  (Read 558 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
Microsoft warns on IE browser bug
« on: December 24, 2010, 03:08:26 am »
http://www.bbc.co.uk/news/technology-12067295

Quote
Microsoft has issued a warning about a serious vulnerability in all versions of its Internet Explorer (IE) browser.

If exploited by a booby-trapped webpage the bug would allow attackers to take control of an unprotected computer.

Code to exploit the bug has already been published though Microsoft said it had no evidence it was currently being used by hi-tech criminals.

A workaround for the bug has been produced while Microsoft works on a permanent fix.

Code injection

The bug revolves around the way that IE manages a computer's memory when processing Cascading Style Sheets - a widely used technology that defines the look and feel of pages on a website.

Hi-tech criminals have long known that they can exploit IE's memory management to inject their own malicious code into the stream of instructions a computer processes as a browser is being used. In this way the criminals can get their own code running and hijack a PC.

Microsoft has produced updates that improves memory management but security researchers discovered that these protection systems are not used when some older parts of Windows are called upon.

In a statement Microsoft said it was "investigating" the bug and working on a permanent fix. In the meantime it recommended those concerned use a protection system known as the Enhanced Mitigation Experience Toolkit.

Installing and applying the toolkit may require Windows XP users to update the version of the operating system they are using. But even if they do that some of the protection it bestows on Windows 7 and Vista users will not be available.

"We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," said Dave Forstrom, the director of Microsoft's Trustworthy Computing group, in a statement.

"As vulnerabilities go, this kind is the most serious as it allows remote execution of code," said Rik Ferguson, senior security analyst at Trend Micro, "This means the attacker can run programs, such as malware, directly on the victim's computer."

He added: "It is highly reminiscent of a vulnerability at the same time two years ago which prompted several national governments to warn against using IE and to switch to an alternative browser."

"We're currently unaware of any attacks trying to use the claimed vulnerability"

A heads up.  :gum:

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Microsoft warns on IE browser bug
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.008 seconds with 21 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!