Attention B2B Marketers: Access 30 Million IT Decision Makers with a Custom Lead Generation Program Click to Learn More!
Welcome Guest | Sign In

Another Security Flaw Found in IE

By Keith Regan E-Commerce Times ECT News Network
Jan 17, 2005 10:04 AM PT

Security researchers say a newly discovered flaw in Microsoft's Internet Explorer (IE) browser could enable a remote attacker to download malicious content to a computer without triggering the warnings that usually accompany such downloads.

Another Security Flaw Found in IE

The lack of warning could enable an attacker to use specially written HTML Web pages to install spyware or other unwanted programs to a machine without the user being aware of it. In some cases, the machine could then be disabled or utilized in further attacks.

Word of the flaw became public over the week after being posted to the Bugtraq security discussion list by a self-described security researcher by the name of "Rafel Ivgi."

Advisory Issued

Symantec Corp. later issued an advisory based on the publication of the flaw. The company said that IE's download-detection function can be overridden by certain combinations of coding that includes an automatic download function and other HMTL coding tags.

The new apparent vulnerability comes after security firm Secunia released word of several "critical" flaws in the browser's code about a week ago.

Some researchers claim the more recently reported flaw, which affects IE version 6.0, can still be exploited in Windows XP machines even after Service Pack 2, which was meant to tighten security in Microsoft's flagship software and its still-dominant Web browser, is installed.

However, Microsoft called the early reports of the flaw "inaccurate and misleading" and again urged security researchers and others to follow standard practice for reporting, which calls for the software maker to be notified first before a vulnerability is made public.

Eroding Browser Edge

Analysts say even the suggestion of more security woes with IE is bad news for Microsoft, which is seeing its market share erode in the browser market.

WebSideStory now estimates that IE controls 90.6 percent of the browser market, down from more than 95 percent in mid-2004. Showing especially strong growth is the open-source Firefox browser, which WebSideStory said saw a 34 percent jump in usage during December.

In fact, Secunia's recent warnings of IE flaws came with a recommendation that users adopt alternative browsers.

Microsoft recently released new patches for other known Windows flaws and released a new tool that lets users remove malicious software from their computers.

Addressing the Threat

Microsoft has reportedly been working on a number of updates to IE that would help bridge the gap until Windows successor, Longhorn, is released. Microsoft also recently began to cobble together third-party enhancements to its browser at its online download center.

Enderle Group principal analyst Rob Enderle said if current trends continue, Microsoft might have no choice but to substantially upgrade its browser in order to answer much stronger competition from Firefox and others. A new version of the Netscape browser that Microsoft displaced for market dominance is also in the works.

"Microsoft doesn't like to leak out its innovations in little pieces, but they might have no choice but to do something in the interim," Enderle said.

Some analysts say Microsoft might feel an increased sense of urgency if their share of the browser market dips below the 90 percent level, which could happen as soon as this month.

Facebook Twitter LinkedIn Google+ RSS
What should be done about UFOs?
World governments should cooperate to address a potential planetary threat.
The DoD should investigate -- they could signal a hostile nation's tech advances.
The government should reveal what it already knows.
The government probably has good reasons for secrecy and should be trusted on this.
Wealthy corporate space-age visionaries should take the lead.
Nothing. Studying UFOs is a waste of resources.
Keep the stories coming. People love conspiracy theories, and it's fun to speculate.