Microsoft releases an advisory about a new vulnerability affecting Internet Explorer that could allow an attacker to access files on a PC if the user is running Windows XP or using IE with Protected Mode disabled.
Microsoft is investigating claims of an Internet Explorer
vulnerability that could allow an attacker to access victims' files.
said it is not aware of any attacks
targeting the vulnerability, the
company warned Feb. 3 that if a user is not running IE in Protected Mode or is running
IE on a Windows XP machine, an attacker may be able to access files with an
already known file name and location.
According to the company, the vulnerability is the result of
content being forced to render incorrectly from local files in such a way that
information may be exposed to malicious Websites.
"At this time, we are unaware of any attacks attempting
to use this vulnerability," the advisory said. "We will continue to
monitor the threat environment and update this advisory if this situation
The affected versions are Internet Explorer 5.01 Service
Pack 4 (SP 4) on Windows 2000 Service Pack 4; IE 6 SP 1 on Windows 2000 SP 4;
and IE 6, 7 and 8 on supported versions of Windows XP SP 2, Windows XP SP 3 and
Windows Server 2003 SP 2.
"Customers running Internet Explorer 7 or Internet
Explorer 8 in their default configuration on Windows Vista or later operating
systems are not vulnerable to this issue as they benefit from Internet Explorer
Protected Mode, which protects from this issue," blogged
senior security communications lead for the Microsoft
Security Response Center. "Windows XP users, or users who have disabled
Protected Mode, can help protect themselves by implementing Network Protocol
Lockdown. We have created a Microsoft
to automate this. The Fix It can be run on individual systems or
enterprises can deploy it through their automated systems."
In addition, Microsoft suggests users set Internet and
local intranet settings to High so there is a prompt before running ActiveX
controls or active scripting. Instructions on how to do that are contained
within the advisory.