Microsoft issues advisory on new IE security vulnerability

The software giant says a new flaw in the browser could allow attacker to run arbitrary code.

Microsoft said it's investigating an Internet Explorer security vulnerability that could allow an attacker to host a maliciously crafted webpage and run arbitrary code.

In an advisory posted Sunday, Jerry Bryant, Microsoft senior security communications manager, said the attacker would have to convince a user to visit the malicious page and get them to press the F1 key in response to a pop-up dialog box.

Microsoft isn't aware of any attacks trying to exploit the IE vulnerability, he said. Machines running Windows 7, Windows Server 2008 R2, Windows Server 2008 and Windows Vista are not affected.

Bryant said the problem involves the use of VBScript and Windows Help files in Internet Explorer.

"Windows Help files are included in a long list of what we refer to as "unsafe file types," he wrote. "These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system."

He referred customers to a Microsoft white paper on the topic of unsafe file types and said anyone affected by the issue can visit Microsoft's consumer security support center. Microsoft will provide more information about the vulnerability when it's available, he said.

Dig deeper on Web Browser Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close