Here is an interesting bit of information; there is a known exploit that works on versions 6-10 of Internet Explorer that Microsoft will not patch. The flaw, according to the source, allows your mouse to be tracked anywhere on the screen, even if the IE window is minimized.
While this may not sound like a major security concern, there are bigger implications at play here: at least two display ad analytics companies are using this exploit across billions of page impressions per month. Calling this a moot point misses the fact that your mouse movements are currently being tracked without your consent.
This flaw raises two issues that need to be highlighted. First, if you use a virtual keypad or keyboard, this exploit can be used to track your inputs and harvest your data. Second, why won’t Microsoft fix this exploit if it is being used by advertising agencies in a way that could be against the user’s consent?
The source states that they told Microsoft about the exploit on October 1st, 2012, and that the company told them it has no immediate plans to fix the issue:
Whilst the Microsoft Security Research Center has acknowledged the vulnerability in Internet Explorer, they have also stated that there are no immediate plans to patch this vulnerability in existing versions of the browser.
Seeing that Microsoft has already spat in the face of advertisers with its default “do not track” feature being turned on, you would think the company would actively pursue this type of exploit to protect the end user.
We have pinged Microsoft for a response as to why the company will not fix the flaw; we will update this post with their comment when they respond.