Another flaw plagues Microsoft's browser

 @ibtimes
on February 04 2010 1:14 PM

Microsoft said Wednesday that a new flaw in its Internet Explorer browser allows attackers to access files stored on a computer.

Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location, Microsoft said in a security advisory.

In order to exploit the vulnerability, the attacker must know the name of the file they want to access, it said.

The announcement comes in the wake of backlash against its Internet Explorer 6 browser, which last month hackers from China allegedly  exploited to attack Google and other companies.

In an unusual move, German and French agencies posted notices on their Web sites last month warning against using Internet Explorer all together, advising users to switch to alternatives.

United States security officials issued an advisory and recommended users patch IE6 immediately, though have not issued a formal warning to stop using the browser.

Internet Explorer version 6, which drops to second place, is still used by 20.07 per cent of people. Based on current estimates of the global Internet audience, that would mean around 350 million people are still using the browser.

It is important to note that all software has vulnerabilities and switching browsers in an attempt to protect against these highly publicized but currently limited attacks can inadvertently create some false sense of security, Microsoft said in a statement.

Share this article