Management
Technology
- Applications
- Business Intelligence
- Development
- Hardware
- Mobile & Wireless
- Networking
- Internet
- Operating Systems
- Security Products
- Servers & Datacentre
- Storage
Toolbox
Training
Books
White Papers
Webcast
Resource Centre
November 23, 2009
Windows XP Internet Explorer hacked
IE 6 & 7 vulnerable to attack
By Robert McMillan
A hacker has posted attack code that could be used to break into PCs running older versions of Microsoft's Internet Explorer browser.
Advert
The code was posted to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorised software on a victim's computer.
"Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7," the company wrote on its website on Saturday. "We expect that a fully-functional reliable exploit will be available in the near future."
Security consultancy Vupen Security has also confirmed that the attack works, saying it worked on a Windows XP Service Pack 3 system running IE 6 or IE7. Neither company was able to confirm that the attack worked on Microsoft's latest browser, IE8.
Symantec did not report that the attack is being used by cyber-criminals, but because Internet Explorer is so popular, this type of code is highly coveted by hackers. If the software does pop up in online attacks, it will put pressure on Microsoft to rush out an emergency patch, ahead of its regularly scheduled December 8 security update. Microsoft could not be reached Saturday for a comment on the issue.
Together, IE 6 and IE 7 command close to 40 percent of the browser market.
The flaw lies in the way Internet Explorer retrieves certain Cascading Style Sheet (CSS) objects, used to create a standardised layout on Web pages. For the attack to work, the hacker would have to lure a victim to a web page that contained maliciously encoded JavaScript, Symantec said. This technique has emerged as a favorite way for hackers to install their malicious software on computers in recent years.
"To minimise the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit websites they trust until fixes are available from Microsoft," Symantec said.
Follow highlights from ComputerworldUK on Twitter
Sign up for our Daily Newsletter
The UK IT News widget Get it for your site!
« prev article | more security news | next article »
Advert
Email this article to a friend or colleague:
PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.
- This article is now being printed.
What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.
Click below to add 'Windows XP Internet Explorer hacked - Cybercrime & Hacking - ComputerworldUK' to your blog.
If you do not have a ComputerworldUK Account and would like to use this feature, please Register.
If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.
Advert
Newsletters
Sign up to our Weekly Round-Up for the past week’s not-to-be-missed news analysis and insight delivered straight to your inbox.
WHITE PAPERS
-
Legal risks: Employee use of the internet and email
Exploring the challenges facing IT Mangers today and vital steps to ensure safe internet an email use by employees. -
Phishing for victims
This White Paper examines the phenomenon of phishing. It explains the potentially catastrophic threat it presents to all kinds of organisation. Exploding some widespread myths, it lights up the murky waters where phishing first emerged and where it continues to evolve. But it also highlights what your business can do to blunt the threat.
