Microsoft acknowledged yesterday that the security flaw, uncovered last week in the latest version of its web browser Internet Explorer 3.0, is potentially serious.
The problem, discovered by a student in Massachusetts, could allow anti Microsoft hackers to set up web sites that would be destructive to Internet Explorer users but safe for all other browsers.
The flaw means web page writers can use .LNK and .URL files to access programs on a remote computer, without the victims knowing and even if their Internet Explorer?s security level is set to high.
Microsoft admitted that users running IE 3.0 or 3.1 for Windows 95 or Windows NT could be at risk but they attempted to play down the problem by pointing out that the security breach could only be triggered by someone who intentionally sought to do so.
The company claim to have found a solution to the problem and say they will post it on the Microsoft IE web page (http://www.microsoft.com/ie) shortly.
According to Dave Fester, product manager for Explorer. ?A Webmaster would have to know what the specific programs are on (the target?s) hard drive, as well as the path to use to activate through a link.?
News of the bug comes a month before the next version of the company?s browser, IE 4.0, is due to ship in wide spread beta. A limited number of early beta testers received the product last week and are already complaining of early problems in the installation mechanism of the new browser.
Microsoft seizes control of phishing sites linked with Russian state hackers
Fitness trackers over-estimate the number of steps their users take, analysis of 67 research reports suggests
Everything we think we know about the imminent Apple iPhone 9, iPhone 11 and iPhone 11 Plus launches
All the latest rumours about Apple iPhone Displays, CPUs, launch dates and even prices
Nvidia brings Turing microarchitecture into the high-end gaming segment