Microsoft Issues Security Advisory for Security Hole in IE6 and IE7

The Internet Patrol default featured image
Share the knowledge

Microsoft has issued a vulnerability security advisory (#981374) for a security hole in Internet Explorer 6 (IE6) and Internet Explorer 7 (IE7) that could allow someone to remotely execute code on your PC – that is, to remotely operate your computer.

Explains Microsoft of the IE6 and IE7 vulnerability, “Microsoft is aware of a new vulnerability that affects Internet Explorer…. At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”

The way that this vulnerability is most likely to be exploited, says Microsoft, is through creating a website designed to take advantage of the vulnerability, and then luring unsuspecting users to the site. “An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability,” explains Microsoft.

Although both Internet Explorer 6 (IE6) and Internet Explorer 7 (IE7) are affected by this vulnerability; Internet Explorer 8 is not affected.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Microsoft has repeated exhorted their users to stop using IE6, and discontinued support of IE 6 last month, leading to the staging of a funeral for IE6.

The vulnerability can only be exploited if Active Scripting is enabled on your system, so unless and until Microsoft issues an update to address this vulnerability, your best bet to protect against this vulnerability is to set your Internet zone security to “high” which disables Active Scripting. Says Microsoft, “Based on our investigation, setting the Internet zone security setting to High will protect users from the issue described in this advisory.”

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.