New critical vulnerabilities discovered in IE

A set of new security vulnerabilities have been discovered in Microsoft Corp.’s Internet Explorer (IE) Web browser which used together could allow hackers to compromise user PCs, researchers warned Tuesday.

The five vulnerabilities have been reported in IE 6.0, although other versions may have been affected, according to a bulletin released by security company Secunia Ltd.

The scripting flaws could allow hackers to bypass security and compromise systems, giving them access to sensitive information and cross-site scripting, according to Secunia.

The Copenhagen, Denmark, company has classified the vulnerabilities as “extremely critical” and is advising all IE users to disable Active Scripting or “use another product.”

“If they care about Internet security, users should make sure to disable active scripting,” Secunia chief technology officer (CTO) Thomas Kristensen said Wednesday.

Microsoft is currently investigating the new vulnerability reports but is not aware of any active exploits or customer impact at this time, according to a representative for Microsoft.

Upon completion of its investigation, Microsoft may release a fix in its next monthly security update or an out-of-cycle fix if needed, the representative said.

However, Kristensen said he doubts that the software giant will break its monthly patch release cycle to address the issues.

“I would be happy to see them break their cycle because it affects customers, but I doubt it,” he said.

The security flaws were originally discovered by Chinese security researcher Liu Die Yu, who published the vulnerabilities and proof of concept evidence Tuesday.

The Microsoft representative said that the company is “concerned that the new reports of vulnerabilities in IE were not disclosed responsibly, potentially putting computer users at risk.”

The company advised users to download its latest IE cumulative patch, released Nov. 11, while it looks into the new vulnerabilities.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now