It’s one step forward and one back for security on Microsoft’s Internet Explorer browser. A new report from a security firm found that IE9 beta offers “vastly” more protection from malware than other browsers, while Microsoft on Wednesday issued a warning that there is a vulnerability in IE 6, 7 and 8 that could allow someone to take remote control of the computer.
The software giant said there is no evidence this vulnerability has actually been used. Dave Forstrom, director of Microsoft’s Trustworthy Computing group, said Microsoft was “currently unaware of any attacks trying to use the claimed vulnerability or of customer impact.”
Cascading Style Sheets
The attack could be hidden as malicious code in a web page, and involves the way computer memory is managed when the browser processes Cascading Style Sheets. CSS is widely utilized to control how a page is presented.
Microsoft has issued updates to fix the memory management problem, but now it appears the updates aren’t completely effective. While it works on a more permanent fix, the company has recommended using its free Enhanced Mitigation Experience Toolkit. But, the company said, “the issue does not currently meet the criteria” for an out-of-cycle fix.
The company said IE Protected Mode on Windows Vista and Windows 7 “helps to limit the impact” of this vulnerability. But according to some security researchers, the vulnerability can still be exploited on up-to-date Windows 7 and Vista computers.
‘Exceptional’ IE9 Beta
Meanwhile, NSS Labs has tested various browsers against live malware threats and found that IE9 beta caught what it called an “exceptional” 99 percent of live threats.
IE9 has both SmartScreen URL filtering and the new SmartScreen Application Regulation service, the combination of which NSS Labs credited for the good performance. The report also found that the presence of SmartScreen URL filtering…