The glitch is so severe it potentially affects every user of Internet Explorer. Firefox, Google Chrome and Safari browsers are all unaffected by the threat because, unlike Internet Explorer, they don't support MHTML files, where the problem lies.
The loophole only seems to affect the way Internet Explorer handles some web pages. Microsoft just said that the bug is inside Windows, presumably because they don't want users to migrate to other browsers. This means it affects all versions of the operating system currently supported including Windows XP (SP3), Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 (R2).
The company has so far been unable to remove the bug itself and has issued a 'fix it' security patch to block any attempts to use it.
All Windows users, particularly those who use Internet Explorer, are being urged to download the patch as the company's security team work on a way to permanently fix the problem.
The company has described the flaw as a serious threat, although no hackers are thought to have yet exploited the vulnerability.
Microsoft spokeswoman Angela Gunn announced the flaw in a security advisory published online on Friday.
She said: 'An attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it.
'When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session.
'Such a script might collect user information (e.g. email), spoof content displayed in the browser, or otherwise interfere with the user's experience.'
0 komentar:
Posting Komentar