Microsoft can't win
After swiftly patching a flaw in its IE browser after
government agencies suggested that it no longer be installed in Europe,
Microsoft has found itself in the middle of another row.
A security research firm Core Technologies said it has
discovered another set of vulnerabilities in Internet Exploder that means that
hackers can link together and exploit, to remotely access all of the data on a
personal computer. Jorge Luis Alvarez Medina, a security consultant with
Boston-based Core said that there were three or four ways to conduct this type
of attack using a string of four or five minor vulnerabilities in IE.
Although none of the vulnerabilities are serious enough
to compromise a machine, a hacker could take control of a PC by exploiting all
of them at once, he said. The combination would overwhelm the browser, giving a
hacker access to all data on the PC after a user clicks on a malicious link, he
said.
Core was working with Microsoft to find a way to mitigate
the risk, but added that he believed other vulnerabilities would crop up even
after a solution to these. This is bad news for Microsoft which is trying to
convince the world that its browser is safe and not to download Firefox or
Chrome.