What Is the Windows Critical Bug?
Microsoft has issued a “critical” warning over a newly discovered flaw in its Windows operating system. Microsoft released this information to the public on 28th January 2011.
In the company security advisory, Microsoft warned of a loophole that could be used by malicious hackers to steal private information or hijack computers.
Although the flaw is actually inside the Windows operating system itself, it only appears to affect the way that Internet Explorer handles some web pages.
The bug potentially affects all users of the company’s Internet Explorer web browser – around 900 million people worldwide.
How Could an Attacker Exploit this Vulnerability?
An attacker who successfully exploited this critical vulnerability could “inject” a client-side “script” into the current Internet Explorer session. The script could then spoof content, disclose information, or take any action that the user takes on the affected Web site on behalf of the targeted user.
Once the computer has been hijacked, hackers could use it to steal personal data or send users to fake websites. Essentially, in this web-based attack scenario, an attacker could convince a user to click on a specially crafted link that would “inject” a malicious script into the current Internet Explorer session.
What Is The Affected Software?
– Windows XP Service Pack 3
– Windows XP Professional x64 Edition Service Pack 2
– Windows Server 2003 Service Pack 2
– Windows Server 2003 x64 Edition Service Pack 2
– Windows Server 2003 with SP2 for Itanium-based Systems
– Windows Vista Service Pack 1 and Windows Vista Service Pack 2
– Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
– Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
– Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
– Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
– Windows 7 for 32-bit Systems
– Windows 7 for x64-based Systems
– Windows Server 2008 R2 for x64-based Systems**
– Windows Server 2008 R2 for Itanium-based Systems
**Server Core installation not affected. The vulnerability described in this article does not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option.
What Can I Do About It?
Microsoft has said it currently has no evidence that the “bug” has already been exploited by hackers, but is instead warning that research has shown it is a serious threat.
While Microsoft has not been able to remove the bug from Windows yet, it has issued a “fix it” security patch to block any attempts by criminals to use it.
All Windows users – particularly those who use Internet Explorer – are being urged to download the fix while the company’s security team develop a way to plug the “bug” permanently.
Find it here: http://support.microsoft.com/kb/2501696