Microsoft investigating new Internet Explorer vulnerability in Windows XP

2010 has not started well for Microsoft's flagship browser, Internet Explorer.

Microsoft officials are now warning that a new vulnerability has been discovered in Internet Explorer running on Windows XP. Secunia, a Danish computer security service provider, claims the vulnerability affects Internet Explorer 7 on a fully patched Windows XP SP3 system but that other versions may also be affected. Microsoft officials confirmed the flaw could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop-up dialog box.

Microsoft confirmed the issue involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what Microsoft refers to as "unsafe file types". These file types are designed to invoke automatic actions during normal use of the files but can also be used by attackers to try to compromise a system. In a company blog posting on Sunday, Microsoft's Senior Security Communications Manager, Jerry Bryant, confirmed the company is still investigating the issue. "We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue," said Bryant.

Microsoft's Internet Explorer has had a rough start to the year:

January

The year started off badly when a vulnerability was unveiled after Google went public with the news that it had been targeted in a sophisticated cyber-attack. The breach, involving Internet Explorer 6, resulted in the theft of intellectual property. Both the French and German governments warned their populations to cease using Internet Explorer due to the unpatched flaw. The flaw was later patched in a rare out-of-band security update. If that wasn't bad enough, a new flaw in Internet Explorer was discovered just a day after the out-of-band patch.

February

If January was a month to remember, then February certainly wasn't much better. At the beginning of the month a new vulnerability was discovered, affecting IE 5.01 and IE 6 on Windows 2000, IE 6 on Windows 2000 SP4, and IE6, IE7 and IE8 on Windows XP and Windows 2003. The software giant patched the flaw in a bumper Patch Tuesday which contained 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities.


23 Comments


There were some forum comments about this working on IE7/8 on XP.
Tested the "proof of concept" with XP SP3, IE7 - did NOT work for me.

oh shut up. The majority of computers in use today still use Windows XP. and as for forcing people to upgrade? Windows 7 runs perfectly fine on slightly older configurations.

speedstr3789 said,
oh shut up. The majority of computers in use today still use Windows XP. and as for forcing people to upgrade? Windows 7 runs perfectly fine on slightly older configurations.

Oh let me guess. You are using a P2 and still expect it to run like an Intel i7? lulz. People who think technology should never improve. Or what worked 10 years ago should do the same now.

I understand the idea of backward compatibility and familiarity, but this is the risk you take when you run an almost 9-year-old OS.

still1 said,

or use other browsers like Chrome

Or maybe not, i quite like IE8 and really hate it when people try and force me to change ya know.

tunafish said,

Or maybe not, i quite like IE8 and really hate it when people try and force me to change ya know.

So it's only okay if you tell people what to do, just like in your first post :)

Nobody's putting a gun on your head and forcing you to change. IMO You should take it as a friendly suggestion ^_^. I always try to use the best as far as architectural changes and security in which my opinion is Chrome :). The #1 spot used to be Firefox, which I used religiously. But I don't care about companies or try to be a fanboy, just use what is considered to be the best out there :)

Tekkerson said,
Nobody's putting a gun on your head and forcing you to change. IMO You should take it as a friendly suggestion ^_^. I always try to use the best as far as architectural changes and security in which my opinion is Chrome :). The #1 spot used to be Firefox, which I used religiously. But I don't care about companies or try to be a fanboy, just use what is considered to be the best out there :)
You are right, but it is better to use whatever you like the most, not what the majority considers better, according to you.

Microsoft should force users to upgrade to IE8 in XP and Vista, seeing the increasing number of flaws.

Tekkerson said,
Nobody's putting a gun on your head and forcing you to change. IMO You should take it as a friendly suggestion ^_^. I always try to use the best as far as architectural changes and security in which my opinion is Chrome :). The #1 spot used to be Firefox, which I used religiously. But I don't care about companies or try to be a fanboy, just use what is considered to be the best out there :)

i think Chrome is probably more secure than Firefox mostly because it's not as popular.

because if you remember... Firefox seemed pretty secure when it was not as popular, but now that it is quite popular there's more and more security flaws discovered.

at the end of the day though... i still think Firefox is all around the best browser. because it seems with Chrome you basically get a quicker browser at the expense of RAM. but i guess on any PC with 2GB or more, the extra RAM use won't be a real issue.

but i think Firefox typically excels in the extensions dept. this is probably where it's beating pretty much all other browsers.

Edited by ThaCrip, Mar 2 2010, 6:53am :

still1 said,

or use other browsers like Chrome

If you're still using Windows XP these days then quite frankly you should be tied to a pole and beaten without mercy. There is absolutely no reason these days to be running Windows XP.

rawr_boy81 said,
There is absolutely no reason these days to be running Windows XP.

You can't afford to upgrade. That's a reason to be using XP.