Security experts have recently warned about a vulnerability in the drag-and-drop functionality of Internet Explorer.
This vulnerability allows malware to infiltrate systems, giving hackers complete control over the affected computers. It impacts nearly all versions of the IE browser from 5.01 to 6.0.
The drag-and-drop feature has long been one of the most popular utilities in Windows. However, this very feature may now pose a threat to many users’ computers. In August 2005, Microsoft announced the potential for attacks through the drag-and-drop function in the IE browser. Just this past Monday, Websense also reported discovering several websites exploiting this vulnerability in Microsoft’s drag-and-drop feature to attack users.
Users can easily be tricked into performing drag-and-drop actions when visiting these websites. As soon as they release the mouse button, the malware can silently execute and infect their computers. It is challenging for antivirus and anti-spam programs to detect this malware, as it often looks quite "legitimate."
Patch
Microsoft stated that they cannot provide an immediate patch; however, a fix for this vulnerability will definitely be included in Windows Server 2003 Service Pack 2 and Windows XP Service Pack 3.
The website SecuriTeam, which reported the security flaw, has also proposed three methods for protection; the original details are available there. If you have some basic knowledge and a fair command of English, you may apply one of the three methods to protect yourself. Otherwise, the best advice remains to upgrade your antivirus and firewall software.
Microsoft does not yet consider this a critical vulnerability; therefore, this month's regular patch release will instead provide updates for Windows Media Player, Microsoft Office, and several other Windows issues.
TRAN HUY