Microsoft’s Internet Explorer browser flaws still continue to sprout this past few months. Just last month, hackers were able to access Google servers because of an unknown hole found in Internet Explorer. Though hackers used a number of tools in their hacking activity, such unknown flaw in IE became a major aid on the success of their overall operation. Today, another flaw in Internet Explorer was discovered and this time it gives attackers access to files stored on a PC if the attackers know the name of the file they want to access.
In line with this serious issue, Microsoft published a Security Advisory to warn the public especially the IE users. Below is an excerpt from the said advisory. (You can read the full post here)
“Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location….
The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.
At this time, we are unaware of any attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs. “
I, personally, don’t really like IE that much. Aside from it consumes big amount of memory, it has a lot of undiscovered flaws which might compromise that overall security of its user’s computer. This specific event is just one of those instances which other free browsers (such as Firefox and Google Chrome) are of great help. :)