Microsoft warns about flaw that makes hacking easier
By IANSSunday, December 26, 2010
LONDON - Microsoft has warned about a flaw on the Internet Explorer browser that could allow hackers to take control of unprotected computers.
The bug allows hackers to inject malware onto any system if they manage to trick users into visiting booby-trapped websites. Anyone with Internet Explorer (IE) 6 to 8 is potentially affected.
The code to exploit the bug has already been published. The computer giant said there was no evidence it was being used yet by criminals but they were “investigating” and working on a permanent fix, reports the Daily Mail.
Dave Forstrom, director of Microsoft’s Trustworthy Computing group, said: “We’re currently unaware of any attacks trying to use the claimed vulnerability or of customer impact.”
The bug targets how the browser manages a computer’s memory when it is processing Cascade Style Sheets - which are design instructions that determine how most web pages look.
Hackers can inject their own code into the stream of instructions and in this way hijack the PC. Although Microsoft has improved how memory management is protected, it does not work when some older parts of Windows are called on.
The bug first came to light on the seclists.org full disclosure mailing list earlier this month.
Rik Ferguson, security analyst at Trendo Micro, told the BBC: “As vulnerabilities go, this kind is the most serious as it allows remote execution of code.
“This means the attacker can run programmes, such as malware, directly on the victim’s computer.”
“It is highly reminiscent of a vulnerability at the same time two years ago which prompted several national governments to warn against using IE and to switch to an alternative browser.”