Microsoft warns about new Windows flaw affecting IE users

Microsoft has warned Windows users about a security flaw that could affect 900 million Internet Explorer users.

The company warned in an advisory that the flaw could potentially be exploited by malicious users to hijack a computer or steal private information. Even though the flaw itself is in Windows, it only appears to affect the way Internet Explorer handles webpages and documents.



"When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session," wrote Microsoft representative Angela Gunn.

"Such a script might collect user information, e.g. e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience."

Microsoft said it has seen no evidence that the loophole is being exploited in the wild. The company is working on a permanent patch, but concerned Internet Explorer users can apply a Microsoft "Fix It" solution to guard against it until then.

More information: http://support.microsoft.com/kb/2501696

Written by: James Delahunty @ 1 Feb 2011 20:08
  • 15 comments
  • mike.m

    Once again, Microsoft announces their security holes to everyone (especially hackers) before actually sending an update. The average user probably won't read about it or even bother to use their "fix it" solution. Micros**t.

    1.2.2011 22:17 #1

  • ntense69

    with all the patches you would think people would go to more secure browsers

    1.2.2011 23:01 #2

  • KillerBug

    You might also think that a cell phone famous for antenna problems wouldn't sell...but people still buy iPhones...most people just don't care about quality, reliability, or security.

    2.2.2011 00:37 #3

  • shortybob

    I swear I read this headline every week.

    2.2.2011 01:43 #4

  • KillerBug

    The wording changes from time to time, and they seem to miss a week once in a while.

    2.2.2011 06:19 #5

  • Ben79

    So it doesn't affect me, as I don't use IE.

    2.2.2011 10:34 #6

  • RottieGrl

    again. I'll patch it when a patch becomes available. It won't affect me, never use internet explorer anyways.

    2.2.2011 17:08 #7

  • Xian

    You might not have to use IE to be vulnerable. Since it is an exploit in the mhtml handler, extensions for other browsers that use that could possibly be vulnerable. Opera has its own mhtml handler. I use the UnMHT extension for Firefox. I don't know if these are vulnerable, but I applied the FixIt to be on the safe side.

    Check your registry, HKEY_CLASSES_ROOT and see what program is set to handle .mhtml and .mht files. If it is something besides IE, you could be vulnerable even with an alternate browser.

    2.2.2011 18:02 #8
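The registry check described in the comment above, as an added PowerShell example (not part of the original comment or of Microsoft's Fix It). It is read-only; the `shell\open\command` lookup, the per-user `UserChoice` key and the `iexplore.exe` match are assumptions about how the handler is registered on the machine being checked.

```powershell
# Added example: report which program is registered to open .mht / .mhtml files.
# Read-only; uses only the built-in registry provider.

function Get-ClassesRootDefault {
    param([string]$SubKey)
    $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$SubKey" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')          # '' reads the key's (Default) value
}

function Get-UserChoiceProgId {
    param([string]$Extension)
    # Assumption: on Vista and later a per-user choice, if present, overrides HKCR.
    $path = "Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$Extension\UserChoice"
    $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('ProgId')
}

function Get-MhtmlHandler {
    foreach ($ext in '.mht', '.mhtml') {
        $machineProgId = Get-ClassesRootDefault $ext
        $userProgId    = Get-UserChoiceProgId $ext
        # The per-user choice wins when it exists.
        $effective     = if ($userProgId) { $userProgId } else { $machineProgId }
        $command       = if ($effective) { Get-ClassesRootDefault "$effective\shell\open\command" } else { $null }

        [pscustomobject]@{
            Extension      = $ext
            ClassesProgId  = $machineProgId
            UserChoice     = $userProgId
            OpenCommand    = $command
            # Heuristic only: flags handlers whose open command launches iexplore.exe.
            OpensWithIE    = [bool]($command -match 'iexplore\.exe')
        }
    }
}

Get-MhtmlHandler | Format-List
```

An empty `OpenCommand` means no open verb is registered under the resolved ProgID, so the association has to be inspected by hand.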

  • Zoo_Look

    IE and Windows Explorer are one and the same, only the user interface is different (you can type web addresses in Windows Explorer and you can access your HD through IE remember). In fact, IE is so closely tied to Windows, that just using the desktop invokes some core IE functionality (active desktop anyone?).

    The only way to completely avoid using IE, is to slipstream your Windows install (not an option if you're using Windows already unless you want to wipe your HD) or use a different OS entirely (Linux / Mac-OS etc, which can bring on their own problems).

    3.2.2011 13:08 #9

  • Gh0ce

    Originally posted by Zoo_Look: IE and Windows Explorer are one and the same, only the user interface is different (you can type web addresses in Windows Explorer and you can access your HD through IE remember). In fact, IE is so closely tied to Windows, that just using the desktop invokes some core IE functionality (active desktop anyone?).

    The only way to completely avoid using IE, is to slipstream your Windows install (not an option if you're using Windows already unless you want to wipe your HD) or use a different OS entirely (Linux / Mac-OS etc, which can bring on their own problems).
    Can you explain to me how IE and windows explorer are the same thing? The two files have different file sizes (with windows explorer being nearly twice the size of IE), different file locations, different process identifications, different memory footprints, different DLL's referenced... in fact the only similarity I can see is that they both use the word "explorer" in their name. And uninstalling IE is easy: install a secondary web browser (makes things way easier), set the secondary browser to be the main web browser, delete the folder with IE in it (or rename it), smile. I had to do that when my IE got a nasty little virus... iexplore.exe got virused up and all cleaning I did was unable to fix it. Renamed the folder, then cleaned up the virus and had firefox on that system as the only browser for quite a while with little to no issues... then ran into compatibility issues with some webpages, and jumped back onto IE (IE 8 install was a breeze with technically no IE installed). Not sure where you are getting your facts about IE and WE from...

    Thanks and have a nice day
    The Gh0ce_>0

    3.2.2011 14:38 #10

  • Zoo_Look

    Do you have any idea how closely IE and Windows are tied at the hip?

    3.2.2011 19:38 #11

  • Zealousi

    Originally posted by Gh0ce:
    Originally posted by Zoo_Look: IE and Windows Explorer are one and the same, only the user interface is different (you can type web addresses in Windows Explorer and you can access your HD through IE remember). In fact, IE is so closely tied to Windows, that just using the desktop invokes some core IE functionality (active desktop anyone?).

    The only way to completely avoid using IE, is to slipstream your Windows install (not an option if you're using Windows already unless you want to wipe your HD) or use a different OS entirely (Linux / Mac-OS etc, which can bring on their own problems).
    Can you explain to me how IE and windows explorer are the same thing? The two files have different file sizes (with windows explorer being nearly twice the size of IE), different file locations, different process identifications, different memory footprints, different DLL's referenced... in fact the only similarity I can see is that they both use the word "explorer" in their name. And uninstalling IE is easy: install a secondary web browser (makes things way easier), set the secondary browser to be the main web browser, delete the folder with IE in it (or rename it), smile. I had to do that when my IE got a nasty little virus... iexplore.exe got virused up and all cleaning I did was unable to fix it. Renamed the folder, then cleaned up the virus and had firefox on that system as the only browser for quite a while with little to no issues... then ran into compatibility issues with some webpages, and jumped back onto IE (IE 8 install was a breeze with technically no IE installed). Not sure where you are getting your facts about IE and WE from...
    Are you serious hahaha, MS thinks to make your life easy lets put everything together so you can access one thing from another but in the real world that is bad along with everything else they have built.

    Just because you remove IE does not mean the core function is not still active. I would have to agree that they are linked together as they work off each other, just because there are different prints does not mean they are not working together requesting functions from each other.

    Dam windows supporter lol

    3.2.2011 23:30 #12

  • Zoo_Look

    I'd even go so far as to correct myself, in that slipstreaming your install does not remove that core functionality, it merely removes or otherwise disables the IE executable as the previous poster before yourself has done. In fact, they themselves admit they had "little to no" issues, which is a democratic way of saying they had "some" issues.

    Interesting quotes for them here:
    http://en.wikipedia.org/wiki/Internet_Explorer#Removal

    "Removing Internet Explorer does have a number of consequences. Applications that depend on libraries installed by IE will fail to function (or malfunction). The Windows help and support system will also not function due to the heavy reliance on HTML help files and components of IE. In versions of Windows before Vista, it is also not possible to run Microsoft's Windows Update or Microsoft Update with any other browser due to the service's implementation of an ActiveX control, which no other browser supports. In Windows Vista, Windows Update is implemented as a Control Panel applet.

    With Windows 7, Microsoft added the ability to safely remove Internet Explorer 8 from Windows. Microsoft does not allow the dependencies to be removed through this process, but the Internet Explorer executable (iexplore.exe) is removed without harming any other Windows components."

    Also, they seem to think that the court case regarding MS and the anti-trust lawsuit revolved around simply deleting or re-naming the IE executable... SERIOUSLY!? All those years of hearings and judgements and not one single person stood up and said "well actually, just delete the exe file"?

    3.2.2011 23:51 #13

  • salsa36

    Nu hu a windows flaw??????

    4.2.2011 07:38 #14

  • Zoo_Look

    lol, hardly news anymore really!

    4.2.2011 16:20 #15

© 2024 AfterDawn Oy
