Microsoft confirmed today that a new flaw has been discovered in Internet Explorer, which could allow hackers to access data and documents stored on a distant computer. The vulnerability affects version 6, 7 and 8 of Internet Explorer, but only computers running under Windows XP are at risk. Internet Explorer 7 and 8 can be used in Protected Mode to avoid any problem, and Microsoft recommends users to enable the "network protocol lockdown" feature in Windows XP. Computers running Windows Vista or Windows 7 are not at risk, and Microsoft should probably release a software update in order to fix that problem next tuesday.
"Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer," said Dave Forstrom from Microsoft. "We're currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to this responsible disclosure." This is the second serious security issue to affect Internet Explorer in a few weeks, as Microsoft was forced some weeks ago to release an emergency patch to fix the IE6 vulnerability that has allowed hackers to hack some Gmail accounts and Google.
