A set of new security vulnerabilities has been discovered in Microsoft's Internet Explorer web browser. Exploited at the same time, these weaknesses could allow hackers to compromise users' PCs, researchers warned yesterday.
The five flaws have been reported in IE 6.0, although other versions may have been affected, according to a bulletin released by security company Secunia.
The scripting holes could allow hackers to bypass security and compromise systems, giving them access to sensitive information and cross-site scripting, according to Secunia.
The Danish company has classified the vulnerabilities as "extremely critical" and is advising all IE users to disable active scripting or "use another product".
"If they care about internet security, users should disable active scripting," said Secunia chief technology officer Thomas Kristensen.
Microsoft is currently investigating the new vulnerability reports but is not aware of any active exploits or customer impact at this time, according to a representative for Microsoft in the UK. Upon completion of its investigation, Microsoft may release a fix in its next monthly security update or an out-of-cycle fix if needed claimed the representative.
"I would be happy to see them break their cycle because it affects customers, but I doubt it," said Kristensen.
Microsoft's representative said that the company is "concerned that the new reports of vulnerabilities in IE were not disclosed responsibly, potentially putting computer users at risk."
The company advised users to download its latest IE cumulative patch, released on 11 November, while it looks into the new vulnerabilities.