17 Canon Harnett Court, Warren Park
Stratford Road, Milton Keynes, MK12 5NF


17 Canon Harnett Court, Warren Park, Stratford Road, Milton Keynes, MK12 5NF

Microsoft warn of Internet Explorer vulnerability

Your Cloud Works

IT Security & Support Specialist for Small and Medium Businesses


Microsoft has issues a warning to consumers of a vulnerability in Internet Explorer (IE) browser which could be exploited allowing hackers to gain access and user rights to their PC.

The flaw affects version 6 through to 11 of the browser, which, according to NetMarket Share, currently holds 50% of the global browser market.

In their security statement Microsoft stated that, the company “is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer”, and that it plans to “take the appropriate action to protect our customers”.

Those looking to exploit the flaw, could do so via a “specially crafted website”. However, hackers would still require unsuspecting users to view the website in order to gain access to their PC. Although an attacker could not force one to view the content of a website, one method often used is by convincing users to click on links or opening attachments contained in an email.

Successful attacks would result in the hacker gaining the same rights as the current user. Microsoft has warned that,

“If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The firm also added that Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode, which “mitigates this vulnerability”.

The impact on XP

The security flaw is of special concern to people still using Windows XP, due to Microsoft ending official support for the operating system earlier this month, meaning that XP users will not receive any further official security updates and bug fixes.

Symantec carried out tests and confirmed that “the vulnerability crashes Internet Explorer on Windows XP”.

Adding that “this will be the first zero day vulnerability that will not be patched for Windows XP users”.

With an estimated 30% of PC users still running XP, Microsoft has suggested businesses and consumers should upgrade to a newer alternative.

Source: BBC News

Share this Post:

Share on facebook
Share on twitter
Share on linkedin