For the second time in a week, hackers have discovered a new vulnerability in Microsoft’s Internet Explorer (IE) browser, which could be exploited to run unauthorized software on Windows computers.
Source: Security
The latest vulnerability, disclosed on April 29, allows attackers to gain control over Windows systems and has been classified as “High Risk” by security website FrSIRT.
Although “proof-of-concept” code detailing how to exploit this vulnerability has been published, making it even more dangerous, there are some mitigating factors. First, the attacker must trick users into visiting a spoofed website and then get them to perform certain actions, such as entering text into a box, before the malicious software can be activated.
Additionally, the good news is that this vulnerability does not affect the latest versions of Windows or Windows Server 2003.
No Patch Available
Due to these limitations, Microsoft has decided not to release an emergency patch.
“The vulnerability cannot be exploited unless users perform a series of different actions. This is not a common occurrence while browsing the web. Therefore, we have decided that the issue will be addressed with a Service Pack rather than a monthly security update,” Microsoft stated.
If users do not want to wait for the next Service Pack to be released, they can mitigate the risk by changing the security settings of IE. However, this may prevent IE from properly displaying websites that rely on ActiveX.
IE continues to be a primary target for attackers, with Microsoft having to issue over a dozen patches in the most recent security update on April 11. Last Sunday, expert Michael Zalewski published details about a similar serious vulnerability in IE. The security firm Secunia rated this vulnerability as “highly critical”.
Tian Yi