Microsoft warns of script injection attacks in IE

Microsoft says it's working to fix security vulnerability that lets attackers inject client-side scripts to Internet Explorer users.

PC security image

Microsoft is warning Windows users of a new "critical" vulnerability that affects all versions of the company's Windows operating system.

The issue, detailed in Security Advisory 2501696--which was released last week--details a vulnerability in the way Internet Explorer handles MHTML on certain types of Web pages and document objects. As a result, hackers and other third parties that exploit the vulnerability can gain access to a user's information, or their computer through script injection.

In its advisory, Microsoft said it had "not seen any indications of active exploitation of the vulnerability," but that the company was aware of "proof-of-concept code" that attempts to exploit it.

To keep the vulnerability at bay, Microsoft has issued suggestions for users to lock down Active Scripting, and ActiveX controls in Internet Explorer, as well as MHTML. Microsoft also said it was working with service providers to investigate server-side workarounds to the issue, as well as including any fixes in future software security updates.

About the author

Josh Lowensohn joined CNET in 2006 and now covers Apple. Before that, Josh wrote about everything from new Web start-ups, to remote-controlled robots that watch your house. Prior to joining CNET, Josh covered breaking video game news, as well as reviewing game software. His current console favorite is the Xbox 360.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
The best and worst quotes of 2014 (pictures)
A roomy range from LG (pictures)
This plain GE range has all of the essentials (pictures)
Sony's 'Interview' heard 'round the world (pictures)
Google Lunar XPrize: Testing Astrobotic's rover on the rocks (pictures)
CNET's 15 favorite How Tos of 2014