New Internet Explorer Security Flaw

Posted in Spritely by Dimitri on February 4, 2010

Today, Microsoft announced that there is a security hole in Internet Explorer that can share your personal files with the entire internet. Ars Technica has a writeup, and notes the 5 recommended actions suggested by Microsoft to limit it’s impact:

Protected Mode in IE7/IE8 on Windows Vista and later limits the impact of the vulnerability.

In a Web-based attack scenario, an attacker could host a webpage that is used to exploit this vulnerability or do so via a webpage that accepts or hosts user-provided content or advertisements. In all cases, however, an attacker would have no way to force users to visit these websites and would have to convince them to do so, which is typically achieved via an e-mail or instant message.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

There’s a much simpler solution: never use Internet Explorer.

Tagged with:

Comments Off on New Internet Explorer Security Flaw

%d bloggers like this: