Microsoft IE breached by new attacks

Internet Explorer has a new security vulnerability, but it's unclear what Microsoft can do to fix it.

There is no question that Microsoft's Internet Explorer has become more secure over time. There's also no question that with roughly 69 percent of the global browser market, IE remains a meaty target.

It is therefore not surprising that IE is under attack, though perhaps the recent breach of fully-patched IE is surprising, as as The Register reports:

The attacks target a flaw in the way IE handles certain types of data that use the extensible markup language, or XML, format. The bug references already freed memory in the mshtml.dll file. According to IDG News, exploits work about one in three times, and only after a victim has visited a website that serves a malicious piece of javascript.

As usual, there is browser security and then there's "user of the browser security." I suspect that the former is pretty strong with IE, but the latter...? Well, if someone wants to foolishly visit suspect sites, perhaps they're getting what they deserve.

Tech Culture
About the author

    Matt Asay is chief operating officer at Canonical, the company behind the Ubuntu Linux operating system. Prior to Canonical, Matt was general manager of the Americas division and vice president of business development at Alfresco, an open-source applications company. Matt brings a decade of in-the-trenches open-source business and legal experience to The Open Road, with an emphasis on emerging open-source business strategies and opportunities. He is a member of the CNET Blog Network and is not an employee of CNET. You can follow Matt on Twitter @mjasay.


    Discuss Microsoft IE breached by new attacks

    Conversation powered by Livefyre

    Show Comments Hide Comments