Unpatched IE Flaw Brings Attacks

Wednesday, March 16, 2011 @ 09:03 PM gHale

An unpatched Internet Explorer flaw revealed two months ago is now the focus of online attacks.

The flaw has seen use in “limited, targeted attacks,” Microsoft officials said in an update to the company’s security advisory on the issue.

Google reported similar activity. “We’ve noticed some highly targeted and apparently politically motivated attacks against our users,” the company said in a blog post. “We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site.”

The attack triggers when the victim unknowingly visits a maliciously encoded Web page. It gives the attacker a way of hijacking the victim’s browser and accessing Web applications without authorization.

The flaw lies in the Windows MHTML (MIME HTML) parsing software used by Internet Explorer, and affects all currently supported versions of Windows. The flaw was disclosed on the Full Disclosure mailing list in January.

Microsoft has released a Fixit tool users can download to repair the problem, but has not said when, or even if, it plans to push out a comprehensive security update to all users.

Google isn’t saying who the target of the attack was. Because attackers are using the flaw, the pressure is mounting on Microsoft to produce a reliable patch for the issue that would need to go out to hundreds of millions of customers.
