We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,696 News Articles

One more for luck – another IE flaw found

Bad week for Microsoft

The US government and several security vendors warned this week of newly published proof-of-concept code that exploits a serious, unpatched security flaw in Microsoft Internet Explorer.

The warnings come on the heels of a week of security traumas for Microsoft, which on Tuesday issued an emergency patch for an IE (Internet Explorer) bug that was being exploited by thousands of websites. Microsoft then acknowledged that an unpatched bug in PowerPoint was being exploited by internet scammers.

Also this week, the company reissued a third of the patches it originally published in August.

The proof-of-concept code was published by HD Moore, a well-known researcher who co-founded the Metasploit Project. Moore originally publicised the bug involved in July as part of his 'Month of Browser Bugs' project, which detailed flaws in IE and other browsers. The bug remains unpatched, according to security companies.

The code targets a flaw in the WebViewFolderIcon ActiveX control, Moore said. The bug works on a fully patched Windows XP SP2 system, and allows attackers to execute malicious code, according to security firm Secunia.

US-CERT, a US government body that monitors IT security issues, issued an alert and recommended disabling ActiveX. Secunia yesterday gave the flaw its most serious rating, 'extremely critical', and recommended allowing only trusted sites to run ActiveX controls.


IDG UK Sites

Motorola Moto G2 release date, price and specs: Best budget smartphone gets upgrades

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer