Microsoft has warned of yet another serious vulnerability in Internet Explorer (IE), this time affecting the way the browser renders locally stored content.
The flaw could allow an attacker to steal user data through a specially crafted web page. The hole has yet to be patched, and Microsoft declined to give any further details.
Microsoft confirmed in a Security Advisory that the vulnerability is present in all versions of IE, but said that users running Protected Mode in IE7 and IE8 on Windows 7 or Windows Vista are not at risk.
The company considers only Windows XP machines and systems with Protected Mode disabled to be at risk.
Microsoft is investigating the flaw and is likely to release a patch next Tuesday as part of its monthly security update.
The warning is the latest in a string of bad publicity for Microsoft's browser. A zero-day flaw surfaced in January which sent Microsoft scrambling to issue an update, and led some security experts to recommend that users dump the browser entirely.
More recently, security firms have urged consumers and enterprises to swap IE6 for a more recent version of the software or a competing browser.
_(36).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
