One week, three IE errors

Security has given more work to Microsoft when it announced a new serious vulnerability in IE - this is the third consecutive IE error to be released this week.

Source: SGnec The reason for this vulnerability is "Serious" (Critical) because it allows an attacker to gain control of the victim's computer. The problem occurred in the way IE handles information using the createTextRange method. According to Computer Terrorism, by inserting malicious code into the browser, hackers can break down system memory and trick users into launching malicious software.

Computer Terrorism did not publish the sample code to show how this vulnerability could be exploited, claiming it was a reliable "theory" error. Both versions of IE6 and IE 7 beta 2 running on Windows XP can be affected.

According to security firm Secunia, Microsoft is actively researching the patch for the vulnerability. Secunia itself evaluates this vulnerability as " Extremely serious ".

In the past week, Microsoft has repeatedly received warnings about two IE vulnerabilities and is expected to have a patch for the two vulnerabilities in April 11. The first vulnerability discovered on Thursday was less dangerous, but could cause IE to crash and crash. Meanwhile, the second vulnerability belongs to the "serious" category because it allows hackers to gain control of the system.

It seems that the latest vulnerability is also the most serious flaw in all three, since it can be exploited easily, without any difficulties. Analysts are afraid that hackers will soon find a way to exploit this vulnerability from published information about createTextRange.

Yesterday, Microsoft confirmed that the company is building a security update for IE. "This software is in the process of testing and will be released soon next April." However, the specific date has not been revealed.

Thien Y