
Exploit Code Posted for Unpatched IE Flaw

Microsoft is warning customers that exploit code is in the public domain for an unpatched vulnerability in Internet Explorer that can allow an attacker to take control of a user's computer over the Internet.

Microsoft issued a security advisory about the vulnerability on Monday and updated the advisory Tuesday.

The flaw affects some of Microsoft's most secure platforms, including Internet Explorer on Windows XP Service Pack 2, as well as IE on Windows 98, Windows 98 Second Edition, Windows ME, Windows 2000 SP4 and Windows XP SP1. Windows Server 2003 running IE under Enhanced Security Configuration is not affected.

Microsoft has known about the technical issue that underlies the flaw for some time, but the company contends it was only recently made aware of the security implications of the problem. "This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible," Microsoft's advisory reads.

The flaw arises from the way IE handles mismatched document object model objects, according to the bulletin. An attacker would have to lure a user to a maliciously crafted Web site to exploit the flaw.

Microsoft says it has received no evidence that the exploit code has been used to compromise customers yet. The company is working on a fix for the problem that will ship in a future security bulletin.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
