IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Windows 7/8.1 users warned of new Internet Explorer 11 flaw

The flaw was uncovered by security researchers and demonstrates how hackers can hijack websites

Internet Explorer

Windows 7 and Windows 8.1 users are at risk from a new zero-day vulnerability in Internet Explorer 11, security researchers have warned, although Microsoft claims the flaw is yet to be exploited.

The proof-of-concept (POC) flaw was uncovered by researcher David Leo at Deusen and is described as 'Universal Cross Site Scripting(XSS)' allowing the content on domains (The Daily Mail was used as an example) to be changed remotely using modified browser cookies.

Additionally, it could mean hackers are able to insert malicious content into browsers, scrape personal data or track movements online using unsavoury web pages as a mask.

Symantec added this means someone could exploit the vulnerability to steal information. It said in a blog post: "This zero-day vulnerability could allow an attacker to bypass the same-origin policy (SOP) in order to steal from and inject information into other websites," explained the team in an advisory.

"Microsoft has not yet issued a patch or security advisory for this vulnerability. At this time, there are no indications that this vulnerability has been exploited in the wild."

Although Microsoft has implemented its Smart Screen technology on newer versions of Internet Explorer, designed to protect against phishing attacks like this, the concern is more hackers will use the method before the company fixes the flaw.

In order to take advantage of the vulnerability, a hacker would have to lure a user to a malicious website, Microsoft said in a statement: "We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How to virtualise Windows 7 inside Windows 10
Microsoft Windows

How to virtualise Windows 7 inside Windows 10

9 Sep 2021

Most Popular

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022