New serious vulnerability threatens IE

For the second time in a week, hackers found a new vulnerability in Microsoft's IE browser that could be exploited to run unauthorized software on Windows computers.

Source: Security

The latest vulnerability, announced on April 29, allowed an attacker to take control of the Windows system and was classified as "High Risk" by the Security Website FrSIRT.

Although the "proof-of-concept" code indicates how to exploit this vulnerability has been published, making the vulnerability even more dangerous, but not without "cooling down" factors. First of all, an attacker must trick users into visiting a fake Web site and then ask them to do certain tasks, such as writing a text in Box, etc. before it can activate malicious software.

Also, the other good news is that this vulnerability does not affect the latest Windows versions and Windows Servers 2003.

No patch yet

Because of these limitations, Microsoft decided not to release emergency patches.

" The vulnerability cannot be exploited if the user does not manipulate a variety of activities. This is not common when browsing the Web. Therefore, we decided that the problem would be solved by a Service. Pack instead of a monthly update patch, "Microsoft said.

If you do not want to wait for the next Service Pack to be released, users can avoid the risk by changing IE's security settings. However, it may prevent IE from displaying correctly ActiveX-based websites.

IE continues to be the main target of hackers, with Microsoft having to release more than a dozen patches in the latest security update on April 11. Last Sunday, expert Michael Zalewski published detailed information about a similar serious flaw in IE. Secunia has rated this vulnerability "highly critical".

Thien Y