Posted on 02/04/2010 10:04:31 AM PST by ShadowAce
Microsoft said on Wednesday that it is investigating another flaw in Internet Explorer, this time a vulnerability that could result in an unauthorized disclosure of information for users running its browser on older operating systems.
The software maker said in a security advisory that, although it knows of no attacks based on the flaw, the vulnerability could lead to a Web-based attack from either a Web site designed to take advantage of the flaw or from a site that becomes compromised via user-generated text or a malicious ad. Either way, a user would have to actively go to the compromised Web site.
The flaw is separate from the one used to attack Google and other companies, which Microsoft addressed with an "out-of-band" security update last month.
The latest flaw could affect those running Windows XP and Internet Explorer on Windows XP. The software maker said those running the browser on a machine running Windows Vista or Windows 7 aren't vulnerable because the browser runs in a "protected mode" by default.
McAfee spokesman Joris Evers said that, although the latest issue doesn't allow the attacker to gain full control of a system, it nonetheless represents "a serious vulnerability that can expose personal information or system information that may be used in a follow up attack."
"Internet Explorer users should ensure they are protected against exploitation of this flaw and apply the patch when Microsoft releases it," Evers said.
Microsoft said it may take additional action when it finishes its inquiry, such as releasing an update as part of its monthly "Patch Tuesday" or as part of a special, out-of-band update. In the mean time, the software maker offered an automated "Fix It" that can turn on the protected mode for those running IE 6.
Is the government going to investigate Microsoft like it has Toyota?
Nyet! Is NOT flaw, is undocumented feature.
People still use IE?
That all depends......is MS non-union?
I think people should be able to use whichever browser they want. I also think I should get 3 minutes alone with any person caught writing a virus, malware, or spyware.
Alone? You’re making me feel left out, dude....
That's what I was thinking. Almost every one of my co-workers use Firefox but I find it a little unstable and bloated. Personally, I use Chrome and love it.
There can be no witnesses.
I switched to Chrome too, it’s by far my favorite. Minimalist with the bookmarks and tabs in the right place. Unfortunately the beta release right now isn’t quite up to par...but that will change.
I upgraded to Windows 7 on my home desktop a few weeks ago and love it. I would consider a Mac, but they're just so doggone expensive.
My tag line says it for me.
Windows and Security ...
About 10 years ago I just arrived at my current job ( Hint: I have an actual degree in Computer Science ) and I then told one of my new co-workers not to get too excited about Windows 2000, since the same flaws and security issues that were plaguing Windows 98 would continue as long as Microsoft did not rewrite the operating system from scratch.
The problem has continued since then and Windows 7 is just as bad as all of the OS’s Microsoft has released before it since the foundation of all MS operating systems has a poorly designed foundation.
While everyone (especially MS) blames applications (IE, Flash, Adobe) for making bad software, the real culprit is the operating system, since it’s primary job is to make sure bad programs don’t do bad things. And another 10 years from now we will still be talking about security issues and Microsoft products.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.