A security vulnerability in Microsoft’s Internet Explorer Web browser is being exploited by computer criminals to carry out targeted, politically motivated online attacks.
The attacks make use of a flaw in the Web browser’s MHTML processing — a file format composed of HTML code and external links such as images and audio files — to run malicious scripts on a user’s system that could result in information disclosure, Microsoft reported.
The Internet Explorer MHTML bug was publically disclosed in January, but Microsoft never issued a patch for it. It affects all versions of Windows.
In a March 11 blog, Google researchers said they have seen "highly targeted and apparently politically motivated attacks " using the Internet Explorer flaw. "We believe activists may have been a specific target. We’ve also seen attacks against users of another popular social site,"researchers wrote.
Microsoft has released a Fixit tool on its website to address the problem, but has not announced when it will issue a formal security update.
- The Sound of Hacking: Researchers Use Trojan CD to Hack Car
- Airplane Wi-Fi Can ‘Blank’ Navigational Equipment
- Security and Privacy Software Review