Microsoft Publishes Security Advisory For IE6 & IE7 Browser Vulnerability

Days after the news of a new Internet Explorer exploit code surfaced; Microsoft has confirmed the existence of the code and said that it was looking into the matter.

The code was earlier posted on the BugTraq mailing list by an unidentified hacker with out any explanation. Security experts believe that the code can be used to take control of the computers if the website hosting the code is visited.

Leading anti-virus vendor Symantec has posted on its blog that the exploit code attacks a flaw in IE’s usage of Cascading Style Sheets (CSS) which is found on most websites.

Symantec also reported that the code was at a very early stage but it could be evolved into a much more dangerous exploit code.

The company has also advised IE6 and IE7 users to turn off their JavaScript and keep their anti-virus updated or upgrade to IE8 which is safe from the attacks of the rogue code.

Responding to the issue, Microsoft has said that the infected users can go to its Consumer Security Center and report the matter to Internet Crime Complaint Center or contact the law enforcement agency of the specific country.

Our Comments

Better be safe than sorry. Microsoft has been rather swift in recognising the issue associated with the vulnerability. One problem though is that a significant amount of users are still using Internet Explorer 6, one of the most bug-ridden and insecure browsers around.

Related Links

Microsoft admits to zero-day threat to IE6 and IE7

(Guardian UK)

Microsoft confirms IE6, IE7 zero-day bug

(Computer World)

Microsoft Issues Security Advisory on IE Vulnerability

(PC World)

Security Irony from Microsoft and Symantec

(Besker Ming)