Expert: New Vulnerabilities in IE Browser

A security firm says that it discovered another set of vulnerabilities in IE that hackers can exploit to remotely access all of the data on a personal computer.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

On-Demand Webinar

Posted January 25, 2010

- Reuters

BOSTON (Reuters) - A security research firm said it discovered another set of vulnerabilities in Internet Explorer, a day after Microsoft Corp patched the Web browser following a high-profile cyber attack on Google in China.

The software maker issued a patch on Thursday to fight malicious software that was used in the attack on Google Inc and dozens of other companies which operate in China.

Research firm Core Security Technologies said on Friday that it discovered another set of vulnerabilities in Internet Explorer that hackers can link together and exploit, to remotely access all of the data on a personal computer.

"There are three or four ways to conduct this type of attack," said Jorge Luis Alvarez Medina, a security consultant with Boston-based Core, who will demonstrate the vulnerability at the Black Hat security conference in Washington, which begins February 2.

A spokeswoman for Microsoft said she could not immediately comment on the matter.

Alvarez Medina said hackers can exploit a string of four or five minor vulnerabilities in Internet Explorer, which is used on hundreds of millions of PCs around the world.

Although none of the vulnerabilities are serious enough to compromise a machine, a hacker could take control of a PC by exploiting all of them at once, he said.

The combination would overwhelm the browser, giving a hacker access to all data on the PC after a user clicks on a malicious link, he said.

Alvarez Medina added that he was uncertain whether any hackers had already exploited the weaknesses, which Microsoft has yet to patch.

He said that Core was working with Microsoft to find a way to mitigate the risk, but added that he believed other vulnerabilities would crop up even after a solution to these.

"It is likely that people will come up with new ones over time," he said.

Copyright 2010 Reuters. Click for restrictions.

Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.