Microsoft has issued a security warning to users of older versions of its PC-based Internet Explorer.
The company will issue a security bug
fix, but the problem could be of particular concerns for users of older
Windows software, as the company recently discontinued updates for
Windows XP software.
Around 30 percent of company laptops are
thought to still be using Windows XP, and tests by Symantec confirmed
that this new security flaw affected browsers on that OS. The software
will not be patched by Microsoft, leaving users vulnerable if they do
not update their software manually, according to cellular-news.com.
The flaw, that can let hackers access
user rights to computers affects Internet Explorer versions 6 to 11 and
Microsoft said it was aware of “limited, targeted attacks” to exploit
it.
Microsoft added in a security warning
that it will deploy a bug fix for those software platforms that it still
supports, “which may include providing a solution through our monthly
security update release process, or an out-of-cycle security update,
depending on customer needs.”
The flaw would also need the user to be
running their web browser in an unsecured mode, which is not the default
that they are shipped with.
In a web-based attack scenario, an
attacker could host a website that contains a webpage that is used to
exploit this vulnerability. In addition, compromised websites and
websites that accept or host user-provided content or advertisements
could contain specially crafted content that could exploit this
vulnerability.
In all cases, however, an attacker would
have no way to force users to visit these websites. Instead, an attacker
would have to convince users to visit the website, typically by getting
them to click a link in an email message or Instant Messenger message
that takes users to the attacker’s website.
No comments:
Post a Comment