IE Flaw Turns Your PC into Public File Server

Status
Not open for further replies.

topgear

Super Moderator
Staff member
A vulnerability found in Internet Explorer could expose your files to the Internet.


A security consultant on Wednesday provided a live demonstration at the Black Hat DC conference that immediately prompted a security advisory from Microsoft. Jorge Luis Alvarez Medina, the Argentina-based security consultant with Core Security Technologies, showed attendees that it was possible to use an exploit found in Internet Explorer to remotely read files on a victim's local drive.


Medina said that the security flaw extends across all versions of Internet Explorer, and cannot be fixed with a simple patch. Microsoft countered and said that consumers can work around the problem by running Internet Explorer in “protected mode.” Still, that doesn't ultimately solve the problem--many unaware Internet Explorer users will be exposed to the Internet like an at-home FTP offering free, anonymous downloads.


According to Computerworld, Medina offered other workarounds including an IE Network Protocol Lockdown. This is achieved by cranking up the Internet and Intranet Zones to "high," and disabling Active Scripting for both zones. He also suggested that users switch to different browsers when navigating to untrusted Websites.


According to Microsoft, the FTP-style vulnerability affects consumers using Windows XP and those who have disabled Internet Explorer Protected Mode. "The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites," the company said.


Given the security issues that has faced Microsoft's Internet browser over the years, surfers should switch to rival software such as Mozilla's Firefox and Google's Chrome. On that note, it's really hard to believe that Internet Explorer 8 is the world's most popular Internet browser. Doh.

*www.tomsguide.com/us/Internet-Explorer-FTP-Microsoft-Exploit,news-5739.html
 

skeletor

Chosen of the Omnissiah
Mozilla Firefox 3.5 was the most widely used browser at the eve of the New Year. :)

And why it is that IE has the highest number of flaws? Can't Microsoft just design a new browser from scratch?
 
Status
Not open for further replies.
Top Bottom