Microsoft have issued a warning regarding a serious vulnerability found in all versions of Internet Explorer. If this is exploited by a malicious webpage, the bug is serious enough to allow attackers to take control of the computer.
IE has had its fair share of patches and fixes this year, but this latest report is a blow to Microsoft, who are trying to push IE as a security rich browser to compete with Firefox and Opera. Microsoft have said they show no reports of this latest vulnerability being exploited by hackers. Not yet anyway.
This security issue is linked to how Internet Explorer manages a systems memory when processing Cascading Style Sheet, a widely used software implementation that handles how a page should look. This isn’t the first memory management issue with IE and it means that malicious users can inject their own code into the stream of instructions a computer processes as a browser is running.
Microsoft said in a statement that they are ‘investigating’ the latest reports and are working on a permanent fix. In the meantime, they recommend that those concerned use a protection system known as the Enhanced Mitigation Experience Toolkit.
“We’re currently unaware of any attacks trying to use the claimed vulnerability or of customer impact,” said Dave Forstrom, the director of Microsoft’s Trustworthy Computing group, in a statement.
Trend Micro, senior security analyst at Trend Micro said “As vulnerabilities go, this kind is the most serious as it allows remote execution of code, This means the attacker can run programs, such as malware, directly on the victim’s computer. It is highly reminiscent of a vulnerability at the same time two years ago which prompted several national governments to warn against using IE and to switch to an alternative browser.”
KitGuru says: Are you an Internet Explorer user? Are you happy with the browser?