XP下IE6爆漏洞，微軟建議盡快升級(jí)Win7和IE8

Win7之家（ afsion.com.cn）：XP下IE6爆漏洞，微軟建議盡快升級(jí)Win7和IE8

微軟正在調(diào)查IE瀏覽器新發(fā)現(xiàn)的安全漏洞。

微軟可信賴計(jì)算事業(yè)部總經(jīng)理Dave Forstrom星期三對(duì)法新社說，微軟正在調(diào)查一個(gè)負(fù)責(zé)任地披露的IE瀏覽器中的安全漏洞。他說，我們目前還不知道任何利用這個(gè)安全漏洞實(shí)施的攻擊或者用戶受到的影響。但是，微軟認(rèn)為這個(gè)負(fù)責(zé)任地披露安全漏洞會(huì)減少用戶的風(fēng)險(xiǎn)。

微軟稱，這個(gè)IE安全漏洞與谷歌披露的網(wǎng)絡(luò)攻擊無關(guān)，只對(duì)運(yùn)行微軟Windows XP操作系統(tǒng)的計(jì)算機(jī)有影響，Win7和Vista系統(tǒng)均無恙。微軟勸告用戶升級(jí)到最新的Windows7操作系統(tǒng)和IE 8瀏覽器。這些新的系統(tǒng)顯著增強(qiáng)了防御黑客的能力。

Forstrom說，一旦我們完成這個(gè)調(diào)查，我們將采取適當(dāng)?shù)男袆?dòng)保護(hù)用戶。這些措施包括通過每月發(fā)布的補(bǔ)丁提供一個(gè)安全更新、在補(bǔ)丁周期之外提供補(bǔ)丁或者提供額外的指南幫助用戶保護(hù)自己。 

軟媒特提供英文原文如下。

Microsoft investigates new Internet Explorer flaw

Microsoft said on Wednesday that it is investigating another flaw in Internet Explorer, this time a vulnerability that could result in an unauthorized disclosure of information for users running its browser on older operating systems.

The software maker said in a security advisory that, although it knows of no attacks based on the flaw, the vulnerability could lead to a Web-based attack from either a Web site designed to take advantage of the flaw or from a site that becomes compromised via user-generated text or a malicious ad. Either way, a user would have to actively go to the compromised Web site.

The flaw is separate from the one used to attack Google and other companies, which Microsoft addressed with an "out-of-band" security update last month.

The latest flaw could affect those running Windows XP and Internet Explorer on Windows XP. The software maker said those running the browser on a machine running Windows Vista or Windows 7 aren't vulnerable because the browser runs in a "protected mode" by default.

McAfee spokesman Joris Evers said that, although the latest issue doesn't allow the attacker to gain full control of a system, it nonetheless represents "a serious vulnerability that can expose personal information or system information that may be used in a follow up attack."

"Internet Explorer users should ensure they are protected against exploitation of this flaw and apply the patch when Microsoft releases it," Evers said.

Microsoft said it may take additional action when it finishes its inquiry, such as releasing an update as part of its monthly "Patch Tuesday" or as part of a special, out-of-band update. In the mean time, the software maker offered an automated "Fix It" that can turn on the protected mode for those running IE 6.