A security flaw has been discovered in Microsoft’s browser which enables them to launch “targeted attacks” against users of IE versions 6 through 11. Microsoft declared the most common attack being leveraged against IE users is tricking them into visiting malicious websites. These attacks are known as “drive-bys” which enable a hacker to hit a vulnerable browser as soon as its user clicks on the malicious URL.
Redmond software giant said in a security advisory that “Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
Microsoft explained it as “actively working with partners” in its Microsoft Active Protections Program (MAPP) to offer information they can use to provide broader protections to customers. We can find information about protections released by MAPP partners here : MAPP Partners with Updated Protections. Microsoft is also urging customers to enable a firewall, apply all software updates and install anti-malware software.
Microsoft Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2 runs in a restricted mode called Enhanced Security Configuration that reduces the likelihood of the user being infected.
Microsoft told that “This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.”
Microsoft’s Trustworthy Computing group director Tim Rains said in a blog post that “Microsoft Windows XP was released almost 12 years ago, which is an eternity in technology terms. While we are proud of Windows XP’s success in serving the needs of so many people for more than a decade, inevitably there is a tipping point where dated software and hardware can no longer defend against modern day threats and increasingly sophisticated cyber-criminals. When we release monthly security updates for supported versions of Windows, attackers will try and reverse engineer them to identify any vulnerabilities that also exist in Windows XP. If they succeed, attackers will have the capability to develop exploit code to take advantage of them.”