Microsoft warning over browser security flaw
- Published
Microsoft has issued a "critical" warning over a newly-discovered flaw in Windows.
In a security advisory, the company warned of a loophole that could be used by malicious hackers to steal private information or hijack computers.
The bug potentially affects every user of the Internet Explorer web browser - around 900 million people worldwide.
Microsoft has issued a software patch to defend against attacks, and said it was working to develop a long-term fix.
The security advisory, which was published on Friday, details how the vulnerability can be used to manipulate users and take over their machines.
Although the flaw is actually inside Windows itself, it only appears to affect the way that Internet Explorer handles some web pages and documents.
Microsoft admitted that the problem meant users could easily be fooled into downloading malicious files by doing something as simple as clicking on a web link.
"When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session," wrote Microsoft representative Angela Gunn in a website announcement, external accompanying the advisory.
Once the computer had been hijacked, hackers could use it to steal personal data or send users to fake websites, she added.
"Such a script might collect user information, e.g e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience."
Although Microsoft said it had seen no evidence that the glitch had already been exploited by hackers, it warned that research had shown it was a serious threat.
And while it has not been able to remove the bug itself, it issued a "fix it" security patch, external to block any attempts to use it.
All Windows users - particularly those who use Internet Explorer - are being urged to download the fix while the company's security team develop a way to plug the hole permanently.
- Published23 December 2010
- Published2 August 2010