Microsoft Issues Security Warning about Internet Explorer
Published on: 28th Apr 2014
Note -- this news article is more than a year old.
Microsoft has issued a security warning to users of older versions of its PC based Internet Explorer.
The company will issue a security bug fix, but the problem could be of particular concerns for users of older Windows software, as the company recently discontinued updates for Windows XP software.
Around 30 percent of company laptops are thought to still be using Windows XP, and tests by Symantec confirmed that this new security flaw affected browsers on that OS. The software will not be patched by Microsoft, leaving users vulnerable if they don't update their software manually.
The flaw, that can let hackers access user rights to computers affects Internet Explorer (IE) versions 6 to 11 and Microsoft said it was aware of "limited, targeted attacks" to exploit it.
Microsoft added in a security warning that it will deploy a bug fix for those software platforms that it still supports, "which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
The flaw would also need the user to be running their web browser in an unsecured mode, which is not the default that they are shipped with.
In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.
In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
On the web: Microsoft Tech Warning