Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Microsoft Security Advisory (980088)

03 Feb 2010   #1

Microsoft Security Advisory (980088)

Microsoft Security Advisory (980088)
Vulnerability in Internet Explorer Could Allow Information Disclosure
Published: February 03, 2010
Version: 1.0
Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location. These versions include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.
The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.
At this time, we are unaware of any attacks attempting to use this vulnerability.

We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.
Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
Microsoft Security Advisory (980088): Vulnerability in Internet Explorer Could Allow Information Disclosure

Microsoft Security Advisory: Vulnerability in Internet Explorer could allow information disclosure
Microsoft Security Advisory: Vulnerability in Internet Explorer could allow information disclosure

My System SpecsSystem Spec
06 Feb 2010   #2

Windows 7 Ultimate x86 SP1

Quote   Quote: Originally Posted by NICK ADSL UK View Post

Quote   Quote: Originally Posted by,news-5739.html
A vulnerability found in Internet Explorer could expose your files to the Internet.

A security consultant on Wednesday provided a live demonstration at the Black Hat DC conference that immediately prompted a security advisory from Microsoft. Jorge Luis Alvarez Medina, the Argentina-based security consultant with Core Security Technologies, showed attendees that it was possible to use an exploit found in Internet Explorer to remotely read files on a victim's local drive.

Medina said that the security flaw extends across all versions of Internet Explorer, and cannot be fixed with a simple patch. Microsoft countered and said that consumers can work around the problem by running Internet Explorer in “protected mode.” Still, that doesn't ultimately solve the problem--many unaware Internet Explorer users will be exposed to the Internet like an at-home FTP offering free, anonymous downloads.
Read more: IE Flaw Turns Your PC into Public File Server - Tom's Guide
My System SpecsSystem Spec

 Microsoft Security Advisory (980088)

Thread Tools

Similar help and support threads
Thread Forum
Microsoft Security Advisory (2286198)
Microsoft has released Security Advisory 2286198, which addresses a publicly reported vulnerability in Windows Shell. From the Security Advisory: If AutoPlay is disabled, particularly for USB devices, in order for the vulnerability to be exploited, it would be necessary to manually browse to the...
Security Advisory 980088 Released
Microsoft Security Advisory (979352)
Microsoft Security Advisory (979352) Vulnerability in Internet Explorer Could Allow Remote Code Execution Published: January 14, 2010 General Information Executive Summary Microsoft is investigating a report of a publicly exploited vulnerability in Internet Explorer. This advisory contains...
System Security
Microsoft Security Advisory 973882, Microsoft Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 10:53.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App