Microsoft was shocked again because of a new security error in IE
Microsoft is currently in a hurry to find a way to fix a "zero-day" security bug in Internet Explorer that has just been widely publicized that could be used to attack an attacker.
Microsoft has confirmed that it is currently investigating further information published through the 'Full-disclosure mailing list' email list. According to this information channel, the latest versions of the browser may be "suspended" when accessing a website that has hidden OBJECT tags.
A Microsoft spokesperson said initial investigations said the security error could cause the browser to be automatically closed or suspended.
' Mirosoft will continue to investigate more information about this security bug to provide the necessary help information for users ,' the spokesman said.
Michal Zalewski - who discovered and published this security error - confirmed that the fully patched version of Internet Explorer 6 running on the Windows XP Service Pack 2 platform still has this error.
Michal thinks this is a security bug that is hard to exploit but still warns about the risk of remote code execution attacks.
Security firm Secunia classified this security error as 'extremely dangerous' and stressed that this security flaw could be exploited to destroy memory by tricking users into accessing a malicious website. 'If successful in exploiting this security error, an attacker may be allowed to execute binary code,' Secunia warns.
French security firm FrSIRT also classified security errors as 'serious' and security error alerts could be exploited to organize remote attacks.
' This security error arises due to a memory failure error when the browser handles a dangerous HTNL code that contains' object' tags that allow remote malicious attackers to take over the entire control system. by tricking users into accessing a dangerous website . '
Websense Security Labs experts claim that there are still no exploitable code fragments that are spread but warn that browser crashes can often lead to attacks that execute code from far. ' We are currently searching for sites that are able to exploit this security bug .'
Microsoft has been critical of Zalewski for allowing the release of this security bug before an official patch is released. But the researcher said that he had absolutely no errors. 'I did not inform Microsoft in advance because I want them to quickly fix this security error .'
Hoang Dung
- Microsoft confirms a new bug in WMP
- Microsoft: 'ActiveX error is just a mediocre error'
- Microsoft verifies 'zero-day' error in Visual Studio
- Add a security error that threatens MS Excel
- Add a deadly zero-day error in Word
- 10 worst moments of security industry
- Microsoft rejected the new security bug in PowerPoint
- Two more security errors appear from the WMF vulnerability
- Fix IE again discovered a new security error
- 'Zero-day' security error protection procedure
- The code for exploiting the WMP security error appears
- Microsoft gave a gift of 14/2 with a security patch