Microsoft Announces Brand New Zero-day Internet Explorer Flaw

Microsoft has warned that there is a new weakness in Internet Explorer's decidedly porous armour, one for which there are currently no solutions, possibly until next Tuesday when Microsoft goes ahead with its Patch Tuesday exercise.

The company issued a security advisory stating that the vulnerability could allow information disclosure. Microsoft added that it was unaware of any attacks in the wild and that, for the time being, only controlled "proof of concept" attempts to use the flaw had been recorded.

It is understood that the weakness concerns Internet Explorer's ability to display content stored on the client's computer. An attacker could potentially try to phish for user data by using compromised or honeypot websites (like the scores that often appear on Google search engine results pages).

Unlike the last major warning, which focused on IE6, this time around all versions of Internet Explorer are affected when they run on the quasi-obsolete Windows XP, or when Internet Explorer's Protected Mode has been disabled on Windows Vista and Windows 7.

Internet Explorer has had more than its fair share of bad PR lately: version 6 of the browser was caught in a diplomatic thunderstorm when it was revealed that Google and other companies had suffered a cyberattack from China through an undisclosed IE6 hole.

Our Comments

IE6, which was until last month the most popular browser in the world, is already nine years old this year and, just as old habits die hard, many still stick to IE6 out of sheer procrastination. The last IE6 issue was fixed with an out-of-band patch, but this one is unlikely to get the same treatment.
