Story image

New IE exploit detected

02 Mar 2010

Microsoft is hurrying to deal with a new vulnerabilitydetected in the Internet Explorer browser that could allow a hacker to takecontrol of a computer.

The vulnerability could allow an attacker to host amaliciously crafted Web page and run arbitrary code if they could convince auser to visit the Web page and then get them to press the F1 key in response toa pop-up dialogue box. Microsoft says it is not aware of any attacks seeking toexploit this issue at this time and believes that users running Windows 7,Windows Server 2008 R2, Windows Server 2008, and Windows Vista are not affected.

“The issue in question involves the use of VBScript andWindows Help files in Internet Explorer,” a Microsoft blog posting explained. “WindowsHelp files are included in a long list of what we refer to as ‘unsafe filetypes’. These are file types that are designed to invoke automatic actionsduring normal use of the files. While they can be very valuable productivitytools, they can also be used by attackers to try and compromise a system.”

Microsoft advised users to avoid pressing F1 on dialogueboxes presented from Web pages or other Internet content.“If a dialogue box appears repeatedly in an attempt toconvince the user to press F1, users may log off the system or use Task Managerto kill the Internet Explorer process,” said the company in a securityresearch note.

Users can also set Internet Explorer to show a prompt beforerunning any Active X controls or scripting, which Microsoft said will notaffect general browsing.

A fix for the problem will probably be issued at a later date.

Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Schneider shares advice for solving edge computing challenges
Schneider Electric has shared the findings of a new whitepaper that delves into the issues of deploying IT at the edge.
ADLINK to develop edge computing solution for Intel
ADLINK will develop a new edge computing platform designed specially to work as an Intel Select Solution for Universal Customer Premise Equipment (uCPE).
Linux Foundation's LF Edge breaks edge computing's barriers
Edge computing should be completely interoperable and free of hardware, silicon, cloud and operating system restrictions. That’s the core message from LF Edge, an umbrella organization within the Linux Foundation.
Edge computing market to provide ‘lucrative opportunities’
The market is set to skyrocket in the coming years, paving the way for emerging market players.
Opinion: 3 ways cloud & colocation providers can use renewables
Schneider Electric’s John Powers discusses the renewable revolution that is underway and how providers can jump on board.
Former CBRE data centre head joins EkkoSense board
Data centre expert Mark Acton will be strengthening the board as a non-executive director.
$50b modular data centre market driven by edge computing
Findings from a new research report have been released by Global Market Insights that show a burgeoning market.