900 million Internet Explorer users hit by bug - You're probably one of them!

900 million Internet Explorer users hit by bug - You're probably one of them!

Summary: Are you a Windows user that still surfs the web with Internet Explorer? Well, if you are one of the 900 million who do, you need to to sit up and pay attention to a new vulnerability that affects you.

SHARE:

Are you a Windows user that still surfs the web with Internet Explorer? Well, if you are one of the 900 million who do, you need to to sit up and pay attention to a new vulnerability that affects you.

Details here:

Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability.

The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.

This issue affects ALL versions of Windows, from XP SP3 all the way to Windows 7 and Windows Server 2008 R2 (Server Core installations are unaffected).

Microsoft has published a one-click "Fix it" workaround for the bug that involved locking down MHTML. This will prevent the launch of script in all zones within an MHTML document. Any application that uses MHTML will be affected by this workaround.

Topics: Security, Browser, Microsoft, Operating Systems, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

107 comments
Log in or register to join the discussion
  • Message has been deleted.

    Loverock Davidson
    • Message has been deleted.

      Economister
      • Message has been deleted.

        Michael Alan Goff
      • Message has been deleted.

        Tigertank
      • Message has been deleted.

        Michael Alan Goff
    • Message has been deleted.

      daikon
      • No one will likely be effected

        But Microsoft knows that it's better to be safe than to be sorry.
        Michael Alan Goff
      • C-C-C-COMBO BREAKER!!!

        Sorry about the lameness, but someone had to stop this "message has been deleted" nonsense.
        Stormbringer_57th
      • RE: 900 million Internet Explorer users hit by bug - You're probably one of them!

        @Stormbringer_57th Killer Instinct Gold!
        PlayFair
    • Message has been deleted.

      Uralbas
    • Message has been deleted.

      Ron Burgundy
      • Message has been deleted.

        daikon
    • Message has been deleted.

      Alan Smithie
    • RE: 900 million Internet Explorer users hit by bug - You're probably one of them!

      Wow... look at the carnage... almost an entire thread gone.
      Hallowed are the Ori
      • yeah, only one was flagged too.

        @Hallowed are the Ori
        I wonder why everything was deleted?
        Tigertank
      • probably the usual

        equivalent of hair-pulling and b****h-slapping that goes on between the MS/Linux/Apple FanBoi community. It's rarely entertaining.
        pikeman666
      • RE: 900 million Internet Explorer users hit by bug - You're probably one of them!

        @Tigertank<br>Your kidding right look at the authors LD, all the way down to Donnie and it's 3 personalities. But I disagree with pikeman666 I think it's very entertaining.
        ItsTheBottomLine
    • RE: 900 million Internet Explorer users hit by bug - You're probably one of them!

      @Loverock Davidson

      Yeah... what he said!

      Uh... what did he say?

      :) hehe
      RDrrr
      • What did he say?

        @RDrrr
        Lawl. Really want to know what he said too.
        ZackCDLVI
    • Hoo-RAH!

      :p
      search &amp; destroy