Internet Explorer is no stranger to security vulnerabilities, but a flaw revealed by Microsoft on Wednesday is one of the most stunning we've ever seen. The flaw affects IE6, IE7, and IE8 on Windows XP as well as IE7 and IE8 on Vista and Windows 7 if protected mode has been disabled (though protected mode is turned on by default).
The exploit would allow a hacker to access any file on your system by forcing IE to incorrectly render data from local files, exposing it to outside parties. The flaw, which is actually several smaller security holes combined in an ingenious way, would require tricking a victim into visiting a Web site through e-mail or IM, and then the attacker know the location and name of the file they'd wish to access. Unfortunately, many programs store sensitive data using a standardized structure that would be easy to find though guesswork.
If you're running Vista or Windows 7, ensure that you're running IE in protected mode, or even better -- choose a different browser. If you're still running XP and can't bring yourself to use Firefox or Chrome, you can lock down IE by setting the Internet and Local security zones to "High" or disabling ActiveX completely. You could also enable IE Network Protocol Lockdown, which requires editing the registry. Thankfully, Microsoft has created a "Fix it for me" link, available here, that does the dirty work for you. [From: Microsoft, via: Ars Technica]
No comments:
Post a Comment