Friday January 24, 2020
Home Lead Story Internet Expl...

Internet Explorer Can Make Your PCs Vulnerable: Report

The case came to notice when the software giant discovered that the credentials of a support agent were compromised for its web mail service which led to unauthorised access into some accounts

0
//

Microsoft’s Internet Explorer (IE) that has dealt with a reputation for poor security for years, now makes PCs vulnerable even if it is just installed in them, a security researcher has found.

According to researcher John Page, an unpatched exploit in the web browser’s handling of MHT files (IE’s web archive format), hackers can use to both spy on Windows users and steal their local data.

“As Windows opens MHT files using IE by default, you don’t even have to run the browser for this to be a problem — all you have to do is open an attachment sent through chat or email.

“This wouldn’t be an issue if it weren’t for the disclosure of the flaw. Page posted details of the exploit after Microsoft reportedly declined to roll out an urgent security fix, Engadget reported on Sunday.

The vulnerability affects Microsoft Windows 7, Windows 10 and Windows Server 2012 R2.

facebook, personal data
FILE – A man poses for a photo in front of a computer showing Facebook ad preferences in San Francisco, California, March 26, 2018. VOA

“Microsoft said a fix would be ‘considered’ in a future release. While that does suggest a patch is on the way, it leaves millions of users potentially vulnerable unless they either turn off Internet Explorer or point to another app that can open MHT files,” the report added.

The news came at a time when Microsoft, coming to terms with the Outlook.com data breach case, reached out to some users, informing them of the hack which exposed data sent over emails to hackers who kept accessing their accounts between January 1 to March 28.

Also Read- Huawei P30 Pro: Outperforms Rivals in Premium Segment (Tech Review)

In an email, Microsoft claimed that apart from the content of the emails including attachments, the hackers could have possibly viewed account email addresses, folder names and subject lines of the mails sent and received.

The case came to notice when the software giant discovered that the credentials of a support agent were compromised for its web mail service which led to unauthorised access into some accounts. (IANS)

Next Story

Microsoft Works To Fix Security Bug Issue in Internet Explorer

The vulnerability was found in how Internet Explorer handles memory

0
Microsoft
Overall, Microsoft said all supported versions of Windows are affected by the flaw, including Windows 7, which after this week will no longer receive security updates. Pixabay

 Microsoft has confirmed a security flaw affecting Internet Explorer is currently being used by hackers and it is working on a fix, to be released at a later date.

The vulnerability was first reported by US Homeland Security on Friday evening, although the issue is not limited to American devices. Overall, Microsoft said all supported versions of Windows are affected by the flaw, including Windows 7, which after this week will no longer receive security updates.

The vulnerability was found in how Internet Explorer handles memory. An attacker could use the flaw to remotely run malicious code on an affected computer, such as tricking a user into opening a malicious website from a search query or a link sent by email, TechCrunch reported recently.

“The company is only aware of limited targeted attacks for which it is already working on a fix,” the report quoted a Microsoft spokesperson. The tech giant assigned the bug with a common vulnerability identifier, CVE-2020-0674, but specific details of the bug have yet to be released.

Qihoo 360, a China-based security research team helped Microsoft in finding this flaw and it is believed to be a similar vulnerability as one disclosed by Mozilla, the maker of the Firefox browser.

As per report, neither Qihoo, Microsoft, nor Mozilla said how attackers were exploiting the bug, who the attackers were, or who was being targeted. Microsoft assigned the bug with a common vulnerability identifier, CVE-2020-0674, but specific details of the bug have yet to be released.

Microsoft
Microsoft has confirmed a security flaw affecting Internet Explorer is currently being used by hackers and it is working on a fix, to be released at a later date. Pixabay

Additionally, according to information gathered by PreciseSecurity.com, Microsoft Office products were the most commonly exploited by cybercriminals around the world and nearly 73 per cent of cyber exploits were performed in MS Office products in the third quarter of 2019.

ALSO READ: Tesla Owners Unintentionally Buy Software Updates, Face Troubles in Getting Refunds

MS Office products were followed by Browsers with 13.47 per cent of the total number of exploits by cybercriminals, Android with 9.09 per cent, Java with 2.36 per cent, Adobe Flash with 1.57 per cent and PDF with 0.66 per cent. (IANS)