Hacker Posts Code for Attack on Older Versions of IE

PCs running older versions of Microsoft's Internet Explorer browser could be at risk of a new attack, thanks to an unidentified hacker who posted attack code to the Bugtraq mailing list, reports Computerworld.

The attack affects Internet Explorer versions 6 and 7. The article explains:

The flaw lies in the way Internet Explorer retrieves certain Cascading Style Sheet (CSS) objects ... For the attack to work, the hacker would have to lure a victim to a Web page that contained maliciously encoded JavaScript.

Although the code does not always work properly, it could be used to install unauthorized software on a victim's computer, says Symantec. While Symantec has not yet seen the attack being used by criminals, it:

expect[s] that a fully-functional reliable exploit will be available in the near future.

Not updating your software is a sure-fire way to become a victim of such attacks. For other tips on how to protect yourself, especially during this holiday season, check out this post on our Network Security Edge site.