Computer giant HP has unveiled four vulnerabilities in Internet Explorer that could allow an attacker in the worst case, the computer can take over completely and that no updates from Microsoft are available. The vulnerabilities were collected as part of the HP Zero Day Initiative. Through this initiative, HP will reward researchers for reporting of unknown vulnerabilities.
One of the vulnerabilities was during the Mobile Pwn2Own contest demonstrated and last November reported by HP to Microsoft. HP has a default policy to disclose a vulnerability after 90 days. However, Microsoft said that it needed more time to resolve the issue. However, the date that marked itself as Microsoft deadline was not met by the software giant. Then HP decided to publish the vulnerability. It is in this case a leak in all versions of Internet Explorer, including Windows Phone.
To attack a user would have to visit a malicious or hacked website vulnerability, to see an infected ad should have or open a malicious file. Then there is the rights of the logged in user arbitrary code execution. The other three vulnerabilities were reported in January and have the same impact. Microsoft again asked for more time to resolve the problems and once again the deadline was not met, so these three vulnerabilities are made public. Exact details HP, however, not given.
Users who wish to protect are advised to so in Internet Explorer to be there for executing Active Scripting permission to use, or Active Scripting in the Internet and Local intranet security zone is disabled.
No comments:
Post a Comment