If you pay any heed to warnings released by Microsoft Corporation, then this one will surely make you think twice before you open Internet Explorer. As per Microsoft, its default web browser, Internet Explorer has been found to have yet another flaw and this time the discrepancy could lead to unauthorized access to hackers and attackers to your the files on your computer, under certain circumstances. The condition being that, the intruder needs to know the name of the file he wants to hack into and if he does, then the flaw in the browsers gives him a clear path to the file.
This isn’t the first time that a vulnerability of this magnitude has been discovered in the Internet Explorer. Last month, about 20 U.S companies, including the search giant, Google had their security penetrated by alleged Chinese hackers, using Internet Explorer and a still unannounced vulnerability, that was later fixed by Microsoft. This lead to Google’s decision to retract its support for IE browser, in case of Google Apps and Google Sites, that is to take effect from the month of March this year.
This latest flaw is related to the incorrect rendering of local files in the browser the versions of Internet Explorer that are affected by this issue are, Internet Explorer 5.01 and IE 6 on Windows 2000; IE 6 on Windows 2000 Service Pack 4; and IE6, IE 7, and IE 8 on Windows XP and Windows Server 2003. However, the latest Windows operating systems such as, Wndows Vista, Windows Server 2008, Windows 7, and Windows Server 2008, that are known to run the internet explorer in Protected Mode seem to be safe from this concern.
According to the Microsoft Security Advisory,
“Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.
Via PC World
Posted by Rajeev Saxena on February 5, 2010 in Business, Internet and New Media · 0 Comment
