New Flaw Affects All Windows, IE Users

Microsoft has issued a formal warning that all versions of the Windows operating system (OS) are vulnerable to a new exploit. The vulnerability could allow attackers access to sensitive data (such as passwords) after a user unknowingly clicks on a malicious web link. The flaw is related to the way online content is viewed via the web browser Internet Explorer (IE).

According to the Wall Street Journal, Microsoft late last week admitted that the vulnerability exists and that it affects every version of Windows, from Windows XP to Vista, Windows 7 and even Windows Server.

Malicious Web Link Spells Trouble

The flaw reportedly resides in MIME HTML, or MHTML, a web content language viewed by Internet browsers and other applications, such as email software.

According to Microsoft Security Bulletin #2501696, a rigged website could permit a Trojan to be installed onto a PC after a user clicks on a malicious link. Once the Trojan has launched (automatically), it collects personal information and relays that information to an attacker.

Experts suggest using Mozilla Firefox or Google Chrome until a fix can be put together by Microsoft for IE. For its part, Microsoft suggests switching off the MHTML function in Internet Explorer until a fix has been formally released. (Source: ctwatchdog.com)

Flaw Affects All Versions of Windows, Not Just IE

Microsoft is reminding users that this flaw in particular is a weakness in Windows itself, and not solely Internet Explorer. Upgrading from an old version of Internet Explorer, while generally recommended, is not sufficient to keep users safe from this new vulnerability.

For those committed to using Internet Explorer, Microsoft has posted a temporary FixIt solution. The Redmond-based firm has assured IE users that the workaround will not dramatically affect the way the browser performs. (Source: technet.com)