News

Exploit Code Posted for Unpatched IE Flaw

Microsoft is warning customers that exploit code is in the public domain for an unpatched vulnerability in Internet Explorer that can allow an attacker to take control of a user's computer over the Internet.

Microsoft issued a security advisory about the vulnerability on Monday and updated the advisory Tuesday.

The flaw affects some of Microsoft's most secure platforms, including Internet Explorer on Windows XP Service Pack 2, as well as IE on Windows 98, Windows 98 Second Edition, Windows ME, Windows 2000 SP4 and Windows XP SP1. Windows Server 2003 running IE under Enhanced Security Configuration is not affected.

Microsoft has known about the technical issue that underlies the flaw for some time, but the company contends it was only recently made aware of the security implications of the problem. "This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible," Microsoft's advisory reads.

The flaw arises from the way IE handles mismatched document object model objects, according to the bulletin. An attacker would have to lure a user to a maliciously crafted Web site to exploit the bulletin.

Microsoft says it has received no evidence that the exploit code has been used to compromise customers yet. The company is working on a fix for the problem that will ship in a future security bulletin.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.

  • Microsoft Brings Copilot AI Into Viva Engage

    Microsoft 365 Copilot in Viva Engage is now generally available, extending Copilot's AI-powered assistant capabilities deeper into the Viva platform.

  • MIT Finds Only 1 in 20 AI Investments Translate into ROI

    Despite pouring billions into generative AI technologies, 95 percent of businesses have yet to see any measurable return on investment.

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.