A Vulnerability In Internet Explorer Puts User Credentials At Risk, Microsoft Is Working To Fix It

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Internet Explorer 11

A new vulnerability in the Internet Explorer was revealed today. This vulnerability is applicable to all the latest versions of IE and it allows anyone to access login credentials of the user. This is a universal cross-site scripting (XSS) bug and a proof-of-concept exploit was recently published on the web.

IE Hack

To demonstrate the attack, content of dailymail.co.uk was changed by external domain.

Once in possession of the cookie, an attacker could access the same restricted areas normally available only to the victim, including those with credit card data, browsing histories, and other confidential data. Phishers could also exploit the bug to trick people into divulging passwords for sensitive sites.

Microsoft is aware of this bug and already working on a fix.

We are not aware of this vulnerability being actively exploited and are working on a security update. To exploit this, an adversary would first need to lure the user to a malicious website, often through phishing. SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against phishing websites. We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information.

via: Ars Technica

User forum

0 messages