Well, it’s been well documented that Microsoft’s Internet browser, Internet Explorer has been found to be flawed many times and used by virus creators to unknowingly install and run malicious commands.

Well, recently, a newly discovered critical flaw in the browser was made public. The flaw has been posted on a number of sites around the Internet and allows even unskilled hackers to exploit the way the Internet Explorer processes data.

More specifically, the problem occurs with the way Internet Explorer reacts to HTML code when it is presented in a certain way. The flaw allows the hackers to corrupt system memory and run possibly malicious code on the computer.

The flaw shows in Internet Explorer 6 running on Windows XP (Service Pack 2) and even on IE 7 beta, which Microsoft is currently working on for Windows Vista.

Scott Carpenter, director of security labs at Secure Elements, stated:

“It’s just a matter of time before the exploit gets turned into a virus or a worm, capable of creating considerable damage on unprotected systems.”

“The most probable vector for this worm will be in the form of an e-mail with malicious links that will tempt users into clicking on a link that takes them to a Web site from which malicious code can be downloaded.”

Scott Carpenter also stated that the problem is a bigger threat to Administrator accounts in Windows XP. Those with more limited accounts are less likely to take a hit from this flaw.

Microsoft states that it still would take a few things to fall into place for the virus to actually run. If the flaw is exploited through a website, then the owner would have to find a way of getting people to visit the site. If it is through e-mail, the virus won’t run if it isn’t opened or seen through a preview filter.

Microsoft recommends that you turn off the Active Scripting function in Internet Explorer to be completely safe.

To Turn Off Active Scripting

  1. Select “Tools” from the menu
  2. Click on “Internet Options”. A window will display with a number of tabs at the top.
  3. Click on the “Security” tab
  4. Click on the “Custom level” button on the bottom of the window. A new window will appear with options.
  5. Scroll down to “Scripting”
  6. The first customizable option will say, “Active Scripting”
  7. You will see “Enable”, “Disable”, or “Prompt” option buttons.
  8. Select “Disable”
  9. Click the “OK” button at the bottom of the window.

Active Scripting has been turned off.

It should be noted that if any sites you regularly visit use active scripting, the change will prevent them from doing so. To allow those sites simply go back to Step 3, select the “Trusted Sites” icon, a new window will appear for you to type in your trusted sites. Select OK and those sites now will allow the active scripting.

[via Computerworld]

Technorati Tags: Gazotto, , , , .