Reports of a new, widespread Internet Explorer vulnerability have been confirmed, and the bug affects all versions of Windows, including Windows 7, Windows XP, and Windows Server 2008 R2. Even though the number of IE users has dropped significantly in the last several years, some 900 million people are still devoted to it. Microsoft has already released a patch; read on for the useful links and extra info.
Here’s a brief sitrep from Microsoft:
“Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability.
The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim’s Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.”
The patch can be downloaded from the Microsoft website.