麻豆传媒

Microsoft browser bugs ‘extremely critical’

The alert comes after code showing how to crack a computer using flaws in Microsoft's Internet Explorer was posted online

Several flaws in Microsoft鈥檚 popular Internet Explorer web browser have been rated 鈥渆xtremely critical鈥 by security experts after code which could exploit the flaws was posted online.

Three flaws concerning the way Internet Explorer renders web pages were discovered by various US computer security researchers. Any of these could be used to break into a target PC through a specially crafted web page.

On 21 December 2004, several months after discovering one of the flaws, an independent US computer security team called GreyHats Security Group published code showing exactly how to use the flaw to hijack a computer.

Microsoft has yet to release a software fix for any of the problems and US computer security firm Secunia raised its threat assessment for all three flaws to the most severe on Friday.

鈥淚n order for us to rate a vulnerability as extremely critical, there has to be a working exploit out there and one that doesn鈥檛 require user interaction,鈥 Thomas Kristensen, Secunia鈥檚 chief technology officer told ZDNet. This means that a user would not actively have to click an exploiting web page for their computer to become infected; simply accessing the web page would be enough. 鈥淭his is our highest rating and is the last warning for users to fix their systems,鈥 cautions Kristensen.

鈥淓asy to fix鈥

A statement posted to GreyHats Security Group鈥檚 website defends the decision to post the example code online, on the grounds that Microsoft was alerted to the problem in October 2004.

鈥淭hink of how irresponsible it was of Microsoft to not patch these vulnerabilities during the several months that they were known,鈥 says a statement from GreyHats. 鈥淚t would have been easy to fix some of the core vulnerabilities.鈥

Secunia has created a that lets visitors check whether their browser is vulnerable to the exploit code.

The company recommends that computer users deactivate their browser鈥檚 ActiveX functionality. This is a component that enables a browser to access other parts of a PC and is required to exploit the Internet Explorer flaws. Alternatively, Secunia suggests using an alternative web browser altogether.

The Firefox browser, which was released in November 2004 and is written by a loose-knit community of volunteers, has grown in popularity in recent months, partly because of several highly publicised flaws in the Microsoft browser.

Topics: Computer crime