Story image

New IE exploit detected

02 Mar 2010

Microsoft is hurrying to deal with a new vulnerabilitydetected in the Internet Explorer browser that could allow a hacker to takecontrol of a computer.

The vulnerability could allow an attacker to host amaliciously crafted Web page and run arbitrary code if they could convince auser to visit the Web page and then get them to press the F1 key in response toa pop-up dialogue box. Microsoft says it is not aware of any attacks seeking toexploit this issue at this time and believes that users running Windows 7,Windows Server 2008 R2, Windows Server 2008, and Windows Vista are not affected.

“The issue in question involves the use of VBScript andWindows Help files in Internet Explorer,” a Microsoft blog posting explained. “WindowsHelp files are included in a long list of what we refer to as ‘unsafe filetypes’. These are file types that are designed to invoke automatic actionsduring normal use of the files. While they can be very valuable productivitytools, they can also be used by attackers to try and compromise a system.”

Microsoft advised users to avoid pressing F1 on dialogueboxes presented from Web pages or other Internet content.“If a dialogue box appears repeatedly in an attempt toconvince the user to press F1, users may log off the system or use Task Managerto kill the Internet Explorer process,” said the company in a securityresearch note.

Users can also set Internet Explorer to show a prompt beforerunning any Active X controls or scripting, which Microsoft said will notaffect general browsing.

A fix for the problem will probably be issued at a later date.

Tesla unveils the Model Y SUV
After much anticipation, Tesla unveiled the Model Y last week – a vehicle that is described as an all-electric, mid-size SUV that can seat seven adults – and the vehicle has a glass roof.
Preparation for Tokyo 2020 Olympics begins - with robots
The Tokyo 2020 Olympic Games are quickly approaching, but it won’t just be a sea of athletes and sports fans – now robots will make up a significant part of the fan experience.
NZ ISPs block internet footage of Christchurch shootings
2degrees, Spark, Vodafone and Vocus are now blocking any website that shows footage of the mosque shootings.
How AI could warn civilians before a volcanic eruption
Advance monitoring could lead to better disaster planning and evacuation warnings in the event of an eruption.
Facebook launches dedicated home for its Gaming
"All of our work on the Facebook Gaming team adds up to helping build the world's gaming community."
Spotify calls out Apple's anti-competitive behaviour
Apple's App Store rules "purposely limit choice and stifle innovation at the expense of the user experience—essentially acting as both a player and referee to deliberately disadvantage other app developers".
Sony launches headphones with 30-hour battery life
Sony’s EXTRA BASS series has a new family member that sports up to 30 hours battery life.
Chorus says the clock's ticking if you want UFB before the Rugby World Cup
“We know demand is going to be high for fibre installations in the lead up to the tournament and we want to make sure New Zealand’s most ardent supporters don't miss out."