Windows 7 and Windows 8.1 users are at risk from a new zero-day vulnerability in Internet Explorer 11, security researchers have warned, although Microsoft claims the flaw is yet to be exploited.
The proof-of-concept (POC) flaw was uncovered by researcher David Leo at Deusen and is described as 'Universal Cross Site Scripting(XSS)' allowing the content on domains (The Daily Mail was used as an example) to be changed remotely using modified browser cookies.
Additionally, it could mean hackers are able to insert malicious content into browsers, scrape personal data or track movements online using unsavoury web pages as a mask.
Symantec added this means someone could exploit the vulnerability to steal information. It said in a blog post: "This zero-day vulnerability could allow an attacker to bypass the same-origin policy (SOP) in order to steal from and inject information into other websites," explained the team in an advisory.
"Microsoft has not yet issued a patch or security advisory for this vulnerability. At this time, there are no indications that this vulnerability has been exploited in the wild."
Although Microsoft has implemented its Smart Screen technology on newer versions of Internet Explorer, designed to protect against phishing attacks like this, the concern is more hackers will use the method before the company fixes the flaw.
In order to take advantage of the vulnerability, a hacker would have to lure a user to a malicious website, Microsoft said in a statement: "We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information."
-
Manufacturers report millions in losses as downtime wreaks havoc on operationsNews UK manufacturers are losing up to £736 million every week due to downtime, according to new research, with outages lasting for several days on end.
-
Microsoft gives OpenAI restructuring plans the green lightNews The deal removes fundraising constraints and modifies Microsoft's rights to use OpenAI models and products
-
Microsoft angers admins as April Patch Tuesday delivers password feature without migration guidanceNews Security fixes include a zero day exploited by a ransomware group and seven critical flaws
-
Managing a late migrationOpinion When it comes to moving from Windows 7 to Windows 10, it's better late than never
-
How to set up a Windows 7 emulator for Windows 10Tutorials A complete guide for setting up a Windows 7 emulator for Windows 10 so you don’t lose access to your apps
-
The autopsy of Windows 7
In-depth Report of a postmortem examination
-
The IT Pro Podcast: Farewell Windows 7IT Pro Podcast We reflect on the legacy of one of Microsoft's most enduringly popular operating systems
-
Windows 7 ends: what do you do next?
In-depth From SMBs to big business and individuals, after 10 years it's time to move on from Windows 7
-
Windows 7 end of life: What to do if you haven't upgraded yetIn-depth Microsoft has now officially moved Windows 7 to end of life, meaning it's no longer a viable business platform
-
Windows 10 vs Windows 8.1 vs Windows 7 - Microsoft OS head-to-headVs We pit Microsoft's most popular operating systems against each other to see which is the greatest of all time
