News Stay informed about the latest enterprise technology news and product updates.

Microsoft issues advisory on new IE security vulnerability

The software giant says a new flaw in the browser could allow attacker to run arbitrary code.

Microsoft said it's investigating an Internet Explorer security vulnerability that could allow an attacker to host...

a maliciously crafted webpage and run arbitrary code.

In an advisory posted Sunday, Jerry Bryant, Microsoft senior security communications manager, said the attacker would have to convince a user to visit the malicious page and get them to press the F1 key in response to a pop-up dialog box.

Microsoft isn't aware of any attacks trying to exploit the IE vulnerability, he said. Machines running Windows 7, Windows Server 2008 R2, Windows Server 2008 and Windows Vista are not affected.

Bryant said the problem involves the use of VBScript and Windows Help files in Internet Explorer.

"Windows Help files are included in a long list of what we refer to as "unsafe file types," he wrote. "These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system."

He referred customers to a Microsoft white paper on the topic of unsafe file types and said anyone affected by the issue can visit Microsoft's consumer security support center. Microsoft will provide more information about the vulnerability when it's available, he said.

Dig Deeper on Web browser security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.