Internet Explorer 'hit with new set of security flaws'
Published 26/01/2010 | 09:29
A US security research firm has found another set of vulnerabilities within Internet Explorer, only a day after Microsoft released an emergency software update.
Boston-based Core Security Technologies discovered the vulnerabilities on Friday January 22, only a day after the technology giant had released an unscheduled security patch to protect users of the most popular browser in the world from the flaws used by the hackers who pried into the email accounts of human rights activists in China.
Two weeks ago Microsoft admitted that its Internet Explorer browser was the weak link in a spate of recent cyber attacks on Google and other technology companies in China.
Core Security Technologies claim to have discovered another set of vulnerabilities in Internet Explorer which hackers could exploit and use to remotely access personal data on people’s computers.
Microsoft is taking the claim seriously and has launched an enquiry.
A spokesman said: “Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer. We’re currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to responsible disclosure. Once we’re done investigating, we will take appropriate action to help protect customers.”
However, the tech giant would not rule out having to release yet another unscheduled security update on top of the regular monthly release, once its investigation was over.
The spokesman added: “Customers should also upgrade to the latest version of Internet Explorer, Internet Explorer 8, which provides improved security and privacy protections, as well as sign up for Microsoft Update and enable the Automatic Update functionality. This will enable automatic installation of all applicable updates this month and help to make customer systems more secure.”
Jorge Luis Alvarez Medina, a security consultant from Core Security Technologies, told Reuters that there are three or four ways for hackers to exploit this new set of vulnerabilities, but he did not know whether any such attacks had happened. He plans to demonstrate the vulnerability at the Black Hat security conference in Washington, which commences on February 2.
Microsoft’s unscheduled security release last week was preceded by both the German and French governments issuing official warnings for all IE users to change their browser so as not to be exposed to the security flaws detected in all versions of IE.
Rival browser makers, including Firefox and Opera, are said to be benefiting from the fallout, with downloads of Firefox spiking in Germany immediately after the government issued its advice, and more than twice as many people as usual downloading Opera last week.