Software giant Microsoft has confirmed that a flaw in the Internet Explorer (IE) is being used to attack and exploit Windows. The concerned flaw was originally reported in January, but the company has not patched it yet.
Actually, the flaw is in the way Web browser IE parses MHTML content- a system for merging multiple file types and HTML content into a single file.
Exploiting the flaw, attackers create a malicious site to entice a user and then force the user's Web browser to run a Javascript code. This code is capable of accessing information from the user's Web browser. What is worse is that it can lure a user to install another code that opens up his/her computer to further hacks.
Microsoft's Security Research & Defense blog reads, "The end result of this type of vulnerability is script encoded within the link executed in the context of the target document or target web site."
Microsoft says there is not patch imminent, but there is toll available to address the problem and guard the computer.
Meanwhile, Microsoft announced the launch of IE 9, which takes advantage of new standard, called HTML 5.
Related News
- Symantec’s Greenbaum: Microsoft “may consider” out-of-band patch to fix new IE flaw
- Microsoft issues security advisory to users about Windows Shell flaw
- Microsoft testing a patch to address critical flaw affecting IE6 and IE7
- Security Advisory Issued by Microsoft over Zero-Day IE Vulnerability
- Microsoft patches eight “important” vulnerabilities in Movie Maker, Excel
- Microsoft to release an “out of band” patch to fix Windows flaw on Monday
- Microsoft issues Security Advisory for Help flaw in Windows XP, Server 2003
