By Daily Mail Reporter
Last updated at 1:00 PM on 24th December 2010

Hackers could exploit the way that Microsoft browsers process design instructions for web pages

Hackers could exploit the way that Microsoft browsers process design instructions for web pages

Microsoft have warned about a flaw on the Internet Explorer browser, that could allow hackers to take control of unprotected computers.

The bug allows hackers to inject malware onto any system if they manage to trick users into visiting booby-trapped websites.

Anyone with IE 6 to 8 is potentially affected and there is currently to patch available to fix the problem.

The code to exploit the bug has already been published. The computer giant said there was no evidence it was being used yet by criminals but they were 'investigating' and working on a permanent fix.

Dave Forstrom, the director of Microsoft's Trustworthy Computing group, said: 'We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact.'

The bug targets how the browser manages a computer's memory when it is processing Cascade Style Sheets - which are design instructions that determine how most web pages look.

Hackers can inject their own code into the stream of instructions and in this way hijack the PC. Although Microsoft has improved how memory management is protected, it does not work when some older parts of Windows are called on.

The bug first came to light on the seclists.org full disclosure mailing list earlier this month.

Rik Ferguson, security analyst at Trendo Micro told the BBC: 'As vulnerabilities go, this kind is the most serious as it allows remote execution of code.

'This means the attacker can run programs, such as malware, directly on the victim's computer.

'It is highly reminiscent of a vulnerability at the same time two years ago which prompted several national governments to warn against using IE and to switch to an alternative browser.'



Here's what readers have had to say so far. Why not add your thoughts below, or debate this issue live on our message boards.

The comments below have been moderated in advance.

In fact there are tech savvy users that do use IE. It isn't all that difficult to produce stuff that displays correctly in IE 6, 7 and 8 ... and yes ...depending on the statistics that you view ... IE is still the most popular browser. Firefox is not immune from such problems .. see http://www.mozilla.org/security/announce/2010/mfsa2010-17.html. I agree that bug mentioned here is serious ... but lets have grown up discussions about this.

Report abuse

...The difference between IE and mozilla/firefox etc. is that when you get hacked on one of the latter, you may not even know about it, let alone get a free patch to fix it. "Drive-by downloads" are the hardest internet infections to avoid, as they often hide inside banner adverts on a signed and legitimate website that may well be unaware of the malicious code on their pages. I was infected last year by a "schools closed today" section of a council website, and this year almost a year to the day by a TV programs schedule website. Make sure your firewalls are uptodate! There's a lot of public complacency regarding the internet, with some people thinking that they are safe as long as they avoid "dodgy" websites. You are not safe if the page of the internet being viewed is reachable by someone who IS dodgy - and that is MOST websites, not just the "low-budget" and "borderline illegal" ones such as 'music download' or "free software" types.

Report abuse

what a suprise - yet another flaw - try firefox or google chrme

Report abuse

Simple answer. Use an Apple Macintosh computer! Vastly superior.

Report abuse

This is nothing new. 2 hours online with internet security software turned off, I find 20 trojans on my PC. Fed up and switched to Mac. Microsoft has failed me for years.

Report abuse

Get a Mac

Report abuse

The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.