AfterDawn: Tech news

Microsoft warns about new Windows flaw affecting IE users

Written by James Delahunty @ 01 Feb 2011 8:08 User comments (15)

Microsoft warns about new Windows flaw affecting IE users Microsoft has warned Windows users about a security flaw that could affect 900 million Internet Explorer users.
The company warned in an advisory that the flaw could potentially be exploited by malicious users to hijack a computer or steal private information. Even though the flaw itself is in Windows, it only appears to affect the way Internet Explorer handles webpages and documents.

"When the user clicked that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session," wrote Microsoft representative Angela Gunn.

"Such a script might collect user information, e.g e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience."

Microsoft said it has seen no evidence that the loophole is being exploited in the wild. The company is working on a permanent patch to fix the problem permanently, but concerned Internet Explorer users can utilize a Microsoft "Fix It" solution to guard against it until then.



More information: http://support.microsoft.com/kb/2501696

Previous Next  

15 user comments

11.2.2011 22:17

Once again, Microsoft announces their security holes to everyone (especially hackers) before actually sending an update. The average user probably won't read about it or even bother to use their "fix it" solution. Micros**t.

21.2.2011 23:01

with all the patches you would think people would go to more secure browsers

32.2.2011 00:37

You might also think that a cell phone famous for antenna problems wouldn't sell...but people still buy iPhones...most people just don't care about quality, reliability, or security.

42.2.2011 01:43

I swear I read this headline every week.

52.2.2011 06:19

The wording changes from time to time, and they seem to miss a week once in a while.

62.2.2011 10:34

So it doesn't affect me, as I don't use IE.

72.2.2011 17:08

again. I'll patch it when a patch becomes available. It won't affect me, never use internet explorer anyways.

82.2.2011 18:02

You might not have to use IE to be vulnerable. Since it is an exploit in the mhtml handler, extensions for other browsers that use that could possibly be vulnerable. Opera has it's own mhtml handler. I use the UnMHT extension for Firefox. I don't know if these are vulnerable, but I applied the FixIt to be on the safe side.

Check your registry, HKEY_CLASSES_ROOT and see what program is set to handle .mhtml and .mht files. If it is something besides IE, you could be vulnerable even with an alternate browser.

93.2.2011 13:08
Zoo_Look
Inactive

IE and Windows Explorer are one and the same, only the user interface is different (you can type web addresses in Windows Explorer and you can access your HD through IE remember). In fact, IE is so closely tied to Windows, that just using the desktop invokes some core IE functionality (active desktop anyone?).

The only way to completely avoid using IE, is to slipstream your Windows install (not an option if your using Windows already unless you want to wipe your HD) or use a different OS entirely (Linux / Mac-OS etc, which can bring on their own problems).

103.2.2011 14:38

Originally posted by Zoo_Look:
IE and Windows Explorer are one and the same, only the user interface is different (you can type web addresses in Windows Explorer and you can access your HD through IE remember). In fact, IE is so closely tied to Windows, that just using the desktop invokes some core IE functionality (active desktop anyone?).

The only way to completely avoid using IE, is to slipstream your Windows install (not an option if your using Windows already unless you want to wipe your HD) or use a different OS entirely (Linux / Mac-OS etc, which can bring on their own problems).

Can you explain to me how IE and windows explorer are the same thing? The two files have different file sizes (with windows explorer being nearly twice the size of IE), different file locations, different process identifications, different memory footprints, different DLL's referenced... in fact the only similarity I can see is that they both use the word "explorer" in their name. And uninstalling IE is easy: install a secondary web browser (makes things way easier), set the secondary browser to be the main web browser, delete the folder with IE in it (or rename it), smile. I had to do that when my IE got a nasty little virus... iexplore.exe got virused up and all cleaning I did was unable to fix it. Renamed the folder, then cleaned up the virus and had firefox on that system as the only browser for quite a while with little to no issues... then ran into compatibility issues with some webpages, and jumped back onto IE (IE 8 install was a breeze with technically no IE installed). Not sure where you are getting your facts about IE and WE from...

113.2.2011 19:38
Zoo_Look
Inactive

Do you have any idea how closely IE and Windows are tied at the hip?

123.2.2011 23:30

Originally posted by Gh0ce:

Originally posted by Zoo_Look:
IE and Windows Explorer are one and the same, only the user interface is different (you can type web addresses in Windows Explorer and you can access your HD through IE remember). In fact, IE is so closely tied to Windows, that just using the desktop invokes some core IE functionality (active desktop anyone?).

The only way to completely avoid using IE, is to slipstream your Windows install (not an option if your using Windows already unless you want to wipe your HD) or use a different OS entirely (Linux / Mac-OS etc, which can bring on their own problems).

Can you explain to me how IE and windows explorer are the same thing? The two files have different file sizes (with windows explorer being nearly twice the size of IE), different file locations, different process identifications, different memory footprints, different DLL's referenced... in fact the only similarity I can see is that they both use the word "explorer" in their name. And uninstalling IE is easy: install a secondary web browser (makes things way easier), set the secondary browser to be the main web browser, delete the folder with IE in it (or rename it), smile. I had to do that when my IE got a nasty little virus... iexplore.exe got virused up and all cleaning I did was unable to fix it. Renamed the folder, then cleaned up the virus and had firefox on that system as the only browser for quite a while with little to no issues... then ran into compatibility issues with some webpages, and jumped back onto IE (IE 8 install was a breeze with technically no IE installed). Not sure where you are getting your facts about IE and WE from...
Are you serious hahaha, MS thinks to make your life easy lets put everything together so you can access one thing from another but in the real world that is bad along with everything else they have built.

Just because you remove IE does not mean the core function is not still active. I would have to agree that they are linked together as they work off each other, just because there is different prints does not mean they are not working together requesting functions from each other.

Dam windows supporter lol

133.2.2011 23:51
Zoo_Look
Inactive

I'd even go so far as to correct myself, in that slipstraming your instal does not remove that core functionality, it merely removes or otherwise disables the IE executable as the previous poster before yourself has done. In fact, they themselves admit they had "little to no" issues, which is a democratic way of saying they had "some" issues.

Interesting quotes for them here:
http://en.wikipedia.org/wiki/Internet_Explorer#Removal

"Removing Internet Explorer does have a number of consequences. Applications that depend on libraries installed by IE will fail to function (or malfunction). The Windows help and support system will also not function due to the heavy reliance on HTML help files and components of IE. In versions of Windows before Vista, it is also not possible to run Microsoft's Windows Update or Microsoft Update with any other browser due to the service's implementation of an ActiveX control, which no other browser supports. In Windows Vista, Windows Update is implemented as a Control Panel applet.

With Windows 7, Microsoft added the ability to safely remove Internet Explorer 8 from Windows. Microsoft does not allow the dependencies to be removed through this process, but the Internet Explorer executable (iexplore.exe) is removed without harming any other Windows components."

Also, they seem to think that the court case regarding MS and the anti-trust lawsuit revolved around simply deleting or re-naming the IE executable... SERIOUSLY!? All those years of hearings and judgements and not one single person stood up and said "well actually, just delete the exe file"?

144.2.2011 07:38

Nu hu a windows flaw??????

154.2.2011 16:20
Zoo_Look
Inactive

lol, hardly news any-more really!

Comments have been disabled for this article.

Latest news

VLC hits milestone: over 5 billion downloads VLC hits milestone: over 5 billion downloads (16 Mar 2024 4:31)
VLC Media Player, the versatile video-software powerhouse, has achieved a remarkable feat: it has been downloaded over 5 billion times.
1 user comment
Sideloading apps to Android gets easier, as Google settles its lawsuit Sideloading apps to Android gets easier, as Google settles its lawsuit (19 Dec 2023 11:09)
Google settled its lawsuit in September 2023, and one of the settlement terms was that the way applications are installed on Android from outside the Google Play Store must become simpler. In the future, installing APK files will be easier.
8 user comments
Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets (06 Jun 2023 9:19)
Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
Neato, the robot vacuum company, ends its operations Neato, the robot vacuum company, ends its operations (02 May 2023 3:38)
Neato Robotics has ceased its operations. American robot vacuum pioneer founded in 2005 has finally called it quits and company will cease its operations and sales. Only a skeleton crew will remain who will keep the servers running until 2028.
5 user comments
How to Send Messages to Yourself on WhatsApp How to Send Messages to Yourself on WhatsApp (20 Mar 2023 1:25)
The world's most popular messaging platform, Meta-owned WhatsApp has enabled sending messages to yourself. While at first, this might seem like an odd feature, it can be very useful in a lot of situations. ....
18 user comments

News archive