IE Flaw Turns Your PC into Public File Server

A security consultant on Wednesday provided a live demonstration at the Black Hat DC conference that immediately prompted a security advisory from Microsoft. Jorge Luis Alvarez Medina, the Argentina-based security consultant with Core Security Technologies, showed attendees that it was possible to use an exploit found in Internet Explorer to remotely read files on a victim's local drive.

Medina said that the security flaw extends across all versions of Internet Explorer, and cannot be fixed with a simple patch. Microsoft countered and said that consumers can work around the problem by running Internet Explorer in “protected mode.” Still, that doesn't ultimately solve the problem: many unaware Internet Explorer users will be exposed to the Internet like an at-home FTP server offering free, anonymous downloads.

According to Computerworld, Medina offered other workarounds including an IE Network Protocol Lockdown. This is achieved by cranking up the Internet and Intranet Zones to "high," and disabling Active Scripting for both zones. He also suggested that users switch to different browsers when navigating to untrusted Websites.

According to Microsoft, the FTP-style vulnerability affects consumers using Windows XP and those who have disabled Internet Explorer Protected Mode. "The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites," the company said.
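The zone settings named in the workarounds above can be checked on a machine with a read-only audit. This is an added example, not code from Core Security or Microsoft; it assumes the standard per-user IE zone store in the registry (zone 1 = Local intranet, zone 3 = Internet; value `1400` = Active Scripting, `2500` = Protected Mode, `CurrentLevel` `0x12000` = High), and the function names are illustrative.

```powershell
# Added example: read-only audit of the IE zone settings named in the article.
# Reads the per-user zone store only. Settings pushed by Group Policy live
# under the Policies hive and take precedence; they are not checked here.
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }   # IE zone IDs
$High     = 0x12000                                     # "High" security template

function Get-ZoneValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-Status {
    param($Value, $Wanted)
    # An absent value means the zone template default applies, so report
    # it as unknown rather than guessing.
    if ($null -eq $Value) { return 'not set' }
    if ($Value -eq $Wanted) { return 'OK' }
    return 'WEAK'
}

function Test-IEZoneHardening {
    foreach ($id in ($zones.Keys | Sort-Object)) {
        $path = Join-Path $zoneRoot "$id"
        [pscustomobject]@{
            Zone            = $zones[$id]
            # Zone slider at "High"
            SecurityLevel   = Get-Status (Get-ZoneValue $path 'CurrentLevel') $High
            # 1400: 0 = enabled, 1 = prompt, 3 = disabled
            ActiveScripting = Get-Status (Get-ZoneValue $path '1400') 3
            # 2500: 0 = Protected Mode on, 3 = off (not applicable on Windows XP)
            ProtectedMode   = Get-Status (Get-ZoneValue $path '2500') 0
        }
    }
}

Test-IEZoneHardening | Format-Table -AutoSize
```

A row showing `WEAK` for Active Scripting or Protected Mode in the Internet zone marks a profile that does not have the corresponding workaround in place.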

Given the security issues that have faced Microsoft's Internet browser over the years, surfers should switch to rival software such as Mozilla's Firefox and Google's Chrome. On that note, it's really hard to believe that Internet Explorer 8 is the world's most popular Internet browser. Doh.

  • Pailin
    on the other hand it might actually end up being quite secure - eventually LOL
  • pbrigido
    Revenge article for IE8 taking top spot for browser popularity?

    Doesn't affect me, I'm all about Firefox.
  • NapoleonDK
    Funny how when it's bad news they don't use the picture of everyone's favorite photoshopped FF/IE babe. =/

    In related news, Chrome is gaining market share by the second!

    Wait... Why haven't we photoshopped a Chrome logo onto her shirt yet? ^.^
  • IzzyCraft
    So basic knowledge wins: don't go surfing random websites and you won't get too many viruses; leave your security settings on default in Vista and Windows 7 and you're pretty safe. t-t
  • buckinbottoms
    "the FTP-style vulnerability affects consumers using Windows XP and those who have disabled Internet Explorer Protected Mode."
    In other words, you pretty much have to bend over and beg for it before you are actually vulnerable.
  • Tomtompiper
    I often get asked to fix problems on friends and family's PC's. 9 times out of 10 they are caused directly or indirectly by IE. It has gotten to the point where I have removed IE from the menu and desktop and installed FF, then warned them if they use IE and stuff up I will refuse to fix their machines.
  • etrnl_frost
    The worst part are the people selling their PC's to get Mac's because the Mac's are obviously so much more protected than a PC. Then they point to articles like this. Poop.
  • etrnl_frost
    Per the above comment, I apparently forgot the quotes around the phrase "Mac's are obviously so much more protected than PC's". Sarcasm failure on my part.
  • Lewis57
    "He also suggested that users switch to different browsers"

    Best advice all year.
  • intelliclint
    The last few rounds of viruses that I had to clean off were from Flash exploits using cross domain scripts. The Flash is delivered through valid advertising companies and ends up on sites you would never expect. This is not just an IE problem.