All Internet Explorer Versions Have Hole
December 13, 2008 – 9:26 AM
The unpatched bug in Internet Explorer 7 (IE7) that hackers are now exploiting also exists in older versions of the browser, including the still-widely-used IE6, Microsoft Corp. said.
Friday, a Danish security researcher added that Microsoft’s original countermeasure advice was insufficient, and recommended users take one of the new steps the company spelled out.
In a revised security advisory, Microsoft said research confirmed that the bug is within all its browsers, including those it currently supports — IE5.01, IE6 and IE7 — as well as IE8 Beta 2, a preview version the company doesn’t support through normal channels.
Users running any of those browsers on Windows 2000, XP, Vista, Server 2003 or Server 2008 are at risk, Microsoft said.
Even so, the company continued to downplay the severity of the threat. “At this time, we are aware only of limited attacks that attempt to use this vulnerability against Windows Internet Explorer 7,” said the advisory.
Microsoft also spelled out the root of the problem, saying that the bug is in IE’s data binding functionality, and not, contrary to earlier reports by independent security researchers, in the HTML rendering code.