Microsoft warns over Internet Explorer security hole

Microsoft has warned Windows users over a vulnerability in Internet Explorer that could see their personal information being stolen. Photo / Thinkstock

Microsoft Windows users are affected by a new vulnerability that allows their computers to be accessed while using the Internet Explorer browser.

In a security advisory last week, Microsoft detailed a problem with the way Explorer handles MHTML on specific types of web page.

"The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various web sites, resulting in information disclosure," the bulletin read.

Nearly all versions of Windows are affected by the problem, as are all current Internet Explorer iterations, although Windows Server 2008 or Windows Server 2008 R2 are safe if installed using the Server Core installation option.

A blog post by Microsoft Security Response Center's Angela Gunn underlined the fact that a hacker would have to create an HTML link to trigger the malicious script and then convince people to click on it.

Once the link was clicked, the malicious script could be used to collect personal user information.

"We're aware of published information and proof-of-concept code that attempts to exploit this vulnerability," she wrote, "but we haven't seen any indications of active exploitation.

"We are working on a security update to address this vulnerability and we are monitoring the threat landscape very closely."

Concerned users should run Windows Update or visit Microsoft's Download Centre.

- NZ HERALD STAFF