Two New Internet Explorer Security Vulnerabilities in One Week

As if there weren’t enough reasons not to use Internet Explorer for Windows, this week alone two new threats were discovered. The first is a Trojan horse that exploits a (still unpatched) Internet Explorer bug first discovered in May.

Microsoft has yet to provide a fix for the vulnerability, but is working on a patch, according to the security advisory. Security-monitoring company Secunia deems the problem “extremely critical,” its rarely given highest rating.

The vulnerability puts computers running Windows 98, Windows Millennium Edition, Windows 2000 and Windows XP at risk. An attacker could gain complete control of vulnerable systems by hosting malicious code on a Web site. Once an IE user visits the site, the malicious program would run without any user interaction.

[via ZDNet]

The second is a design flaw in the way Internet Explorer handles CSS import commands, which allows an attacker to retrieve private user data or execute operations on the user’s behalf on remote domains, Matan Gillon, who discovered the vulnerability, wrote in his article. This is so troubling because, by exploiting this vulnerability, attackers can bypass extremely strict security limitations and create JavaScripts that have inter-domain communications ability (XSS attacks). If that sounds scary, it’s because it should.

[Unlike] classic XSS holes […] in this case the target site doesn’t have to be vulnerable to script injection. All an attacker has to do is lure a user to a malicious web page. Thousands of web sites can be exploited and there isn’t a simple solution against this attack at least until IE is fixed. That means millions of IE users are affected by this design flaw.

This vulnerability has been tested to work on a fully patched Microsoft Internet Explorer 6 browser and earlier versions are possibly vulnerable as well. Mozilla Firefox seems to adequately keep domain restrictions in CSS imports and doesn’t seem to be vulnerable to this type of attack. Opera isn’t vulnerable because it doesn’t support the styleSheets collection. Possible solutions for users to mitigate this attack would be to disable JavaScript in IE or use a different browser.

If you haven’t yet, now it’s really time to switch.