Exploit Code Posted for Unpatched IE Flaw

Microsoft is warning customers that exploit code is in the public domain for an unpatched vulnerability in Internet Explorer that can allow an attacker to take control of a user's computer over the Internet.

Microsoft issued a security advisory about the vulnerability on Monday and updated the advisory Tuesday.

The flaw affects some of Microsoft's most secure platforms, including Internet Explorer on Windows XP Service Pack 2, as well as IE on Windows 98, Windows 98 Second Edition, Windows ME, Windows 2000 SP4 and Windows XP SP1. Windows Server 2003 running IE under Enhanced Security Configuration is not affected.

Microsoft has known about the technical issue that underlies the flaw for some time, but the company contends it was only recently made aware of the security implications of the problem. "This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible," Microsoft's advisory reads.

The flaw arises from the way IE handles mismatched document object model objects, according to the bulletin. An attacker would have to lure a user to a maliciously crafted Web site to exploit the bulletin.

Microsoft says it has received no evidence that the exploit code has been used to compromise customers yet. The company is working on a fix for the problem that will ship in a future security bulletin.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Windows 10 Mobile To Fall Out of Support in December

    Microsoft will end support for the Windows 10 Mobile operating system on Dec. 10, 2019, according to an announcement.

  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.