Serious bug in fully patched Internet Explorer puts user credentials at risk

Microsoft engineers are working to patch universal XSS vulnerability

A vulnerability in fully patched versions of Internet Explorer allows attackers to steal login credentials and inject malicious content into users’ browsing sessions. Microsoft officials said they’re working on a fix for the bug, which works successfully on IE 11 running on both Windows 7 and 8.1.

The vulnerability is known as a universal cross-site scripting (XSS) bug. It allows attackers to bypass the same origin policy, a crucially important principle in Web application models that prevents one site from accessing or modifying browser cookies or other content set by any other site. A proof-of-concept exploit published in the past few days shows how websites can violate this rule when people use supported versions Internet Explorer running the latest patches to visit maliciously crafted pages.

This is yet another chance for hackers to attack businesses and puts their user credentials at risk.  This is why it is critical for businesses to take all opportunity to secure their network because no matter the size of the corporation you are not safe.

Read more

Check out services offered by Sentree Systems, Corp. offers to help secure business networks.


CEO, Author of the #1 Risk to Small Businesses

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}