Microsoft Warns of IE Flaw

Last week Microsoft issued Security Advisory 980088 to address a vulnerability in Internet Explorer that may allow information disclosure for Windows XP users who have disabled Internet Explorer Protected Mode. The advisory explains that content from local files can be rendered incorrectly, in such a way that information is exposed to malicious websites. A demo provided by Core Security Technologies at the Black Hat DC conference last week showed how an attacker could read every file on a filesystem when a user was running Internet Explorer.

Versions affected:

  • IE 6, 7, and 8 on supported editions of Windows XP and Windows Server 2003

Microsoft noted that Protected Mode prevents exploitation of this vulnerability and is running by default in IE 7 and IE 8 on Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

No patch has been released yet for this vulnerability.

Read the full bulletin here.


About MIT
IT Security Awareness Consultant and Communications Specialist at MIT
