Breaking News

Microsoft Warns of Coding Flaw in Internet Explorer
Download PDF
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

 

A newly discovered security hole in its Internet Explorer (IE) web browser has led Microsoft Corp to issue a security advisory over the weekend. It warned customers of a coding flaw in IE versions 6 to 11 that allows hackers to gain the same level of access on a network computer as an authorized user.

  
What
Where


According to Liam O Murchu, Research Manager with Symantec Corp, “There are no patches available. It is very difficult for people to protect themselves.” He informed that the danger with these types of attacks is that “they will mutate, and the attackers will find a way to evade the defenses we have in place.”

To mitigate the risk of infection, Microsoft has advised IE users to immediately install the Enhanced Mitigation Experience Toolkit (EMET). This free security tool can protect against ‘limited targeted attacks’ that Microsoft is aware about.

The flaw in IE was discovered on Friday by Eric Romang, a researcher in Luxembourg, when his PC was infected by the malicious software Poison Ivy. This software is used by hackers to steal data or take remote control of PCs. On analyzing the infection, he learned that Poison Ivy had gotten on to his system by exploiting a previously unknown bug, or “zero-day” vulnerability, in Internet Explorer.

Get JD Journal in Your Mail

Subscribe to our FREE daily news alerts and get the latest updates on the most happening events in the legal, business, and celebrity world. You also get your daily dose of humor and entertainment!!




Microsoft said hackers could host a “specially crafted website” containing content that could help them exploit the flaw. But they would still have to convince users to view the website to gain access to their computer. They could do this by getting them to click on to a link sent by email or instant messenger. The hacker would in “no way” be able to force users to view the content. If successful, a hacker could gain the same rights as the computer’s current user.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” informed Microsoft. It also added, “IE on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode, which “mitigates this vulnerability.”



Currently, Microsoft has not provided any timeframe for coming up with a better solution than EMET to fix the bug, but several security researchers said that the update could be expected within a week. The firm’s “appropriate” steps to fix the bug could include a solution through their monthly security update release process, an out-of-cycle security update, or a patch that would aid XP users.



 

RELEVANT JOBS

Associate Attorney

USA-FL-Orlando

ALAW, an established, multi-state real estate and creditors’ rights law firm, is seeking a qua...

Apply now

Real Estate / Estate Administration Paralegal

USA-PA-York

Small central Pennsylvania law firm seeking organized, reliable, and highly motivated full-time real...

Apply now

CASE MANAGER / GENERAL COUNSEL

USA-TX-Houston

Dolcefino Consulting is a fast-paced investigative media consulting company that is hired by law fir...

Apply now

Attorney

USA-NY-New York City

ATTORNEY WITH 3 TO 5 YRS. EXPERIENCE IN PLAINTIFFS MEDICAL MALPRACTICE, MUST BE ABLE TO CONDUCT DEPO...

Apply now

BCG FEATURED JOB

Locations:

Keyword:



Search Now

BCG Attorney Search In-House Counsel

USA-CA-Los Angeles

BCG Attorney Search In-House Counsel We are a Legal Employment Company located in California with o...

Apply Now

FDA Regulatory Attorney

USA-MA-Boston

Boston office of a BCG Attorney Search Top Ranked Law Firm seeks FDA regulatory attorney with 3-4 ye...

Apply Now

Foreclosure/Bankruptcy Associate Attorney

USA-CA-Temecula

Temecula office of our client seeks associate attorney with preferably 2 years of experience working...

Apply Now

SEARCH IN ARCHIVE

To Top