Microsoft acknowledges zero-day IE bug

December 23, 2010
by

Internet Explorer users need to be aware that there’s a particularly nasty bug present in all versions of the Web browser. But Microsoft isn’t doing anything about it. Yet.

Microsoft has acknowledged that there is a serious vulnerability in all versions of Internet Explorer, one that if exploited could allow hackers to take control of your PC by tapping into Windows. However, as the vulnerability doesn’t yet appear to have been exploited in this way, the company isn’t rolling out an emergency security update.

This particular IE bug is related to the way Internet Explorer handles malicious Cascading Style Sheet (CSS) code. High-tech criminals could, if they chose to, exploit the bug by running code on a victim’s computer when they visit an infected website. The perpetrators would then gain access to said PC for their own nefarious purposes.

The vulnerability was first uncovered a few weeks ago by French security firm Vupen. The exploit is now well and truly in the public domain, and hackers the world over are no doubt aware of it and the possibilities for causing harm that it represents. However, as there have been no actual reports of the exploit having been enacted, Microsoft isn’t rushing out a permanent fix.

Instead, while the company “investigates,” it’s advising people to download and install the Enhanced Mitigation Experience Toolkit (EMET 2.0), or run IE in Protected Mode. Both should limit the chances of being affected. Or you could switch to using Firefox or Chrome instead, though Microsoft wouldn’t ever advertise this as a possible course of action.

This zero-day bug affects IE6, IE7, and IE8, and computers running XP, Vista, and Windows 7. XP users are considered the most at risk due to increased security precautions on the more recent versions of Windows. A patch should be released in February, unless reports of attacks start flooding in, in which case the company will likely act immediately.



Related Posts:

Posted in internet explorer, Microsoft, Opinion, Security | 1 Comment » Read more from

One Response to “Microsoft acknowledges zero-day IE bug”

  1. The Future of Sega:
    December 28th, 2010

    I’m glad I stopped using Internet Explorer!

Leave a Reply:


Recent stories

Featured stories

Archives

Copyright © 2012 Blorge.com NS