Microsoft warned yesterday that that a flaw in its Internet Explorer browser gives attackers access to files stored on a PC if the attackers know the name of the file they want to access.
“Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location. These versions include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2.”- Microsoft Security Advisory
Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.”
The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.
The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.
How to enable Protected Mode?
- Open Internet Explorer
- Go To tools > Options
- Navigate to security tab
- Check whether the Enable Protected Mode is checked or not, if not check it and click on Apply
- Restart IE.
0 comments:
Post a Comment