Jetshing's Blog

The flaw could allow hackers or cyber criminals to access data stored on a user’s computer, simply be redirecting them to a fake website loaded with malicious code. Once the unsuspecting user clicks on to the web page, the code is automatically downloaded to their machine, giving hackers “backdoor” access in to the computer and all of its files and documents.

It’s the second serious security issue to affect Microsoft’s web browser this year. Last month, the company was forced to release an emergency “patch” to close vulnerability in Internet Explorer 6 that had allowed cyber spies to hack in to the Gmail accounts of human rights activists and Chinese dissidents, and to attack Google.

The governments of France and Germany advised web users to install an alternative web browser, while technology experts said that home users should consider using other browsers, such as Firefox or Google Chrome, on their home computers.

The team of security experts who discovered the most recent flaw have informed Microsoft of the problem, but will not release full details of the vulnerability until Microsoft has had the opportunity to produce a patch that will fix the problem.

“Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer,” said Dave Forstrom, group manager for Microsoft’s trustworthy computing team. “We’re currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to this responsible disclosure.”

However, some security experts warn that the flaw was “remarkably easy” to exploit. “There’s a very good chance that hackers will be able to take advantage of it,” said Graham Cluley, a senior technology consultant at security firm Sophos. “Microsoft needs to release a fix as soon as possible, otherwise hackers may seize this window of opportunity.”

Only computer users running Windows XP, the operating system launched in 2001, are at risk from the vulnerability, said Microsoft. It recommended that users enable a feature within XP known as the “network protocol lockdown”

Users running Internet Explorer 7 and Internet Explorer 8 in Protected Mode are not at risk, said Microsoft, and nor are those users running Windows Vista and the most recent Microsoft operating system, Windows 7.

It is thought that Microsoft will release a software update to fix the vulnerability next Tuesday.
By Claudine Beaumont, Technology Editor
Published: 12:01PM GMT 04 Feb 2010