Microsoft investigating new IE browser vulnerability

Microsoft investigating new IE browser vulnerability

Summary: Microsoft's security response team is investigating reports of a potentially dangerous code execution vulnerability in its flagship Internet Explorer browser.


Microsoft's security response team is investigating reports of a potentially dangerous code execution vulnerability in its flagship Internet Explorer browser.

The company warned that an attacker could host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.

Microsoft's Jerry Bryant said the company is not aware of any attacks related to this vulnerability.

"We have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue," Bryant said.

follow Ryan Naraine on twitter

From the MSRC blog:

The issue in question involves the use of VBScript and Windows Help files in Internet

Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system.

Although this issue has been publicly documented, Microsoft has not yet provided pre-patch mitigation guidance or workarounds for affected customers.

UPDATE: I'm told that Microsoft will issue a formal security advisory sometime today to provide more details on affected platforms and a workaround to help IE users prevent winhlp32.exe from launching.

Topics: Software, Browser, Microsoft, Operating Systems, Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Vista and 7 are NOT affected

    yet another reason to upgrade to Vista/7
    • Yeah right....

      • Yeah right, prove it or stuff it.... {nt}

      • yet another reason to upgrade to Linux

        No IE crapware to found there.
        • What a load of crap!

          Upgrade or switch to what? LMAO!

          I simply play and boot any Linuxes at will using

          Everything you ever wanted to know about Unix/Linux but were afraid to install...

          Well it's free? So? Why not have it all? Keep the serious stuff for life and work. And boot the toys for fun, and learning?

          I particularly like Mint and Knoppix.
          • tsk...tsk...tsk...

            [i]What a load of crap![/i]

            You know you really should take 10 deep breaths before you say that. We wouldn't want ya ta get a stroke now, do we?

            lol... :D
          • Hey don't worry about me getting a stroke, worry about yourself ;) {nt}

            Right is right, even if everyone is against it; and wrong is wrong, even if everyone is for it.
            ~ William Penn[/i]
          • Well I don't want...

   old feller like you to get too excited.

            Just sayin'... ;)
        • Considering Linux only connects 50% of the time

          It would only stand to reason that it might possibly be safer!
          • Agreed.

            [i]Considering Linux only connects 50% of the time[/i]

            Agreed, except it's 100%.

            [i]It would only stand to reason that it might possibly be safer![/i]

            Agreed, except the "might possibly" qualifier implies uncertainty.
    • Yes, Windows 7 is very good

      Yes, Windows 7 and Vista is very good and stable. I could not believe how well it works.
      Makes XP look like Windows 3.11. Anyone still using XP is someone in denial.
      • Still need xp for some programs

        I still use Windows XP as I use some programs that don't work right in
        Windows 7. Is mostly due to the fact that Windows 7 requires signed
        drivers and Windows XP does not. I wish they would remove that
        restriction. In my opinion it's Microsoft's way to make more money.

        Windows Vista is a joke. I hate servicing computers with Vista on them.
        • re: signed drivers

          I use Windows 7 on an old ThinkPad laptop (T41) for which there are no drivers for the ATI Radeon Mobility 9000 graphics chipset, so I used the drivers for WinXP available at Lenovo's website and it just ran fine. I don't know what are you referring to. Oh... I read that "Windows can't verify the publisher of this software" dialog. If you're stuck with it you should read it a little. It shouldn't take more than a minute or two. It has a green arrow which says "Install this driver software anyway"
          • re: signed drivers

            anyway, if you still has problems, you should try the "add legacy hardware" option on the device manager. (right-click on you computer's name and select "add legacy hardware")
        • re: Still need xp for some programs

          I run Windows 7 and have no problems with but a very few antiquated programs (not necessarily ones that can run on XP). Any other programs I have tried work very well. As for drivers, one can readily find drivers from the manufacturers unless the hardeware is well out of date. I prefer working on Vista or Windows 7. XP and prior Operating Systems can have many quirks that will throw up blockades in trying to repair or anything else. I recommend truly using an OS and learn all the ins and outs prior to judging.
        • then dig around in microsofts downloads and sign the drivers yourself

          While browsing I found one of Microsoft's signing tools available for downloads free to use by anyone.
      • Users w/ XP are only ones in Right Mind! :D

        Sorry! haha.... anything you can do on Vista or
        New Improved 7ista can be done better, easier
        and faster in XP on the same hardware. Even the
        look and feel can be duplicated, leaving you
        with a more user friendly control interface. So
        why in the world would I ever want to give that
        up, for a name change to be like you fear
        mongering zealots?

        NOT!!! ....I'm quite happy being able to
        actually control my own computer, rather than
        having Microsoft control me and it like puppets
        on a string! ;)
    • Firefox and Chrome are NOT affected.

      Yet another reason to upgrade away from IE.
      • Neither are Fox hounds and bull doziers. But they are not the topic either.

        • Correct, except for the "either" part.

          If you upgrade to a secure browser you're immune to this vulnerability.

          Getting a fox hound isn't going to have any affect on it.