Microsoft has issued a formal warning that all versions of the Windows operating system (OS) are vulnerable to a new exploit. The vulnerability could allow attackers access to sensitive data (such as passwords) after a user unknowingly clicks on a malicious web link. The flaw is related to the way online content is viewed via the web browser Internet Explorer (IE).
According to the Wall Street Journal, Microsoft late last week admitted that the vulnerability exists and that it affects every version of Windows, from Windows XP to Vista, Windows 7 and even Windows Server.
Malicious Web Link Spells Trouble
The flaw reportedly resides in MIME HTML, or MHTML, a web content language viewed by Internet browsers and other applications, such as email software.
According to Microsoft Security Bulletin #2501696, a rigged website could permit a Trojan to be installed onto a PC after a user clicks on a malicious link. Once the Trojan has launched (automatically), it collects personal information and relays that information to an attacker.
Experts suggest using Mozilla Firefox or Google Chrome until a fix can be put together by Microsoft for IE. For its part, Microsoft suggests switching off the MHTML function in Internet Explorer until a fix has been formally released. (Source: ctwatchdog.com)
Flaw Affects All Versions of Windows, Not Just IE
Microsoft is reminding users that this flaw in particular is a weakness in Windows itself, and not solely Internet Explorer. Upgrading from an old version of Internet Explorer, while generally recommended, is not sufficient to keep users safe from this new vulnerability.
No comments:
Post a Comment