Microsoft: IE flaw may give hackers access to files on computer
It seems like Microsoft’s Internet Explorer has been on a roller coaster these past few months. Recently, the controversial Google hacking incident has caused some government agencies around world to take a closer look at Internet Explorer. Another vulnerability discovered earlier this week may have everyone scrutinizing IE once again.
After the Google hacking incident, where IE was determined to be the culprit, several government agencies have warned users about using Microsoft’s browser. A fairly major vulnerability was discovered in the browser resulting in a massive attack that targeted more than 20 U.S. based companies. One of the companies, Google has since announced plans to pull support for IE 6.
According to PC World, the new vulnerability discovered allows hackers to break into your home computer and access files.
In a security advisory, Microsoft stated:
Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location.
Apparently, the hacker must know the name of the file before being able to remotely access them off your computer. However, there can be some concerns here as common bank account files, money management apps and other widely available tools can have or rely on data with similar file names.
According to the security advisory, this vulnerability can affect several versions of IE, including IE 5.01, IE 6 on Win2k; and IE 6, IE 7, and IE 8 on Windows XP and Server 2003. That is a whole lot of different versions that could be impacted.
Microsoft also stated:
Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.
Unfortunately, most people still use XP as Vista is dead in the water and Windows 7 is still fairly new to everyone. Microsoft has yet to receive reports about the flaw from the field and will be deciding if the company should fix the vulnerability.
Related Posts:
