Security alert for Internet Explorer
Microsoft is now working with its security partners to plug a security risk in its Internet Explorer browser.The vulnerability affects IE 6 Service Pack 1 on Windows 2000 Service Pack 4, and IE 6 and 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.The exploit also requires JavaScript to exploit Internet Explorer. The exploit targets a vulnerability in the way IE uses the Cascading Style Sheets (CSS) information. CSS is used in many Web pages to define the presentation of the site’s content.Symantec says for the attacker to launch a successful attack, they need to lure the victim to a malicious Web page or compromised Web site, where malicious code could be installed on the victim’s computer, allowing remote access to its contents. Microsoft says it is not aware of any actual attacks using this exploit. It says once its investigation into the threat is complete, it will issue a remedy, either through its regular ‘Patch Tuesday’ updates or an out-of-cycle update, depending on customer needs.Consumers, meanwhile, are best advised to make sure their firewalls are activated, that their anti-virus and anti-spyware protection are up to date, to disable JavaScript and only visited trusted Web sites. Also, beware of unexpected invitations to visit Web sites or click on links.The latest version of Internet Explorer, IE8, is not affected, and if you haven’t yet updated to this version, now might be a good time to do so.