New exploit targets Internet Explorer zero-day flaw
By Asavin Wattanajantra,
An exploit has been published which targets an unpatched flaw in Internet Explorer (IE) 6 and 7.
Security firm Symantec tested the exploit and confirmed that it did work, though it was unreliable. However its analysis team said that they expected a fully-functional exploit to work in the near future.
If this exploit is used, attackers will be able to insert the exploit into websites. If an IE6 or IE7 user does browse one of these sites with Javascript enabled, they will be infected and their computer compromised.
The exploit targets a flaw in the way IE uses cascading style sheets (CSS), which is used to define the presentation of a website’s content.
Symantec advised Internet Explorer users to ensure their antivirus was up to date, disable JavaScript and only visit websites they trusted until a fix was available.
IT PRO has contacted Microsoft for comment, but the company had not responded at the time of publication.
There have been no reports of any exploits in the wild, but IT PRO blogger Davey Winder said that this could all change as hackers look to rush out attacks before security vendors have updated signatures to find the exploit.
He said: “Microsoft, will, I imagine, be reactive rather than proactive with a patch only being prioritised after such attacks become widespread.”
In August, Microsoft defended its ongoing use of Internet Explorer 6, which still has a quarter of web users, claiming that it was a matter of personal choice.
However, it did admit that as engineers, it wanted to see people upgrading to the latest versions.
Sponsored Links
advertisement
Latest Public Sector Analysis & Insight
The Digital Economy Act: Is it doomed to never happen?
As a further delay hits part of the implementation of the Digital Economy Act, is this just a small hiccup, or is the Act being rendered toothless already? Simon Brew takes a look.
- Does the government want to snoop on your data?
- Q&A: Rajeeb Dey, CEO Enternships
- Government IT: Apples for the mandarins
- Striving to solve the security skills crisis
- 2011: The year in news
- Are the cookie laws crumbling already?
- UK rural broadband: too little, and too late
- How the Data Protection Act's death will punish the UK economy
- Education: glad to be a geek
Latest Public Sector Reviews
HTC Flyer review: First Look
- HP TouchPad review: First Look
- RIM BlackBerry PlayBook review - First Look
- MWC 2011: Acer Iconia A100 and A500 reviews – first look videos
- MWC 2011: HP TouchPad review - first look video
- MWC 2011: RIM BlackBerry PlayBook review - first look video
- MWC 2011: HP Pre3 review - first look video
- MWC 2011: Motorola Pro review - first look video
- MWC 2011: HTC Flyer tablet review - first look video
- MWC 2011: Samsung Galaxy Tab 10.1 review – first look video
advertisement
Most popular
- Apple iPad 3 vs iPad 2 head-to-head review
- Dell EqualLogic PS6100XS review
- Chromebooks: What's gone wrong?
- ICO: Fines for cookie law breakers
- UK regulator shuts down Angry Birds scam
- Open source software driving cloud-based innovation
- Fujitsu targets enterprises with Android ICS tablet
- IBM bans use of Siri on iPhones
- Dell PowerEdge R820 review
- BlackBerry 7 OS certified to carry 'Restricted' UK government information
Latest News Videos in Public Sector
Q&A: David Elton, PA Consulting Group
PlayCIOs are increasingly influential, but have to juggle "dual roles", study finds.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
