Security analysts Wednesday warned users of a pair of unpatched bugs in Microsoft's popular Internet Explorer browser that may soon be in play because proof-of-concept code has gone public for both.
The two vulnerabilities have been detailed on the Full Disclosure security mailing list, and were the root of alerts issued by the SANS Institute's Internet Storm Center and Symantec Corp. on Wednesday.
One vulnerability lets attackers execute their code remotely if they can dupe users into double-clicking on a file included in a malicious Web page. The Internet Storm Center claimed that the current proof-of-concept exploit code requires this kind of user interaction, but that went on to warn that "we can expect to find creative use of this exploit in the wild very soon." According to the ISC, disabling IE's active scripting capabilities might protect against an exploit of the bug.
The second flaw is due to a failure of IE to enforce cross-domain policies, Symantec said in a warning to customers of its DeepSight threat system. IE, which has been victimized by numerous cross-domain vulnerabilities, could be exploited to hijack usernames and passwords.
"This vulnerability can be potentially nasty as attackers can use it to retrieve data from other web sites [that the] user is logged into (for example, webmail) and harvest user credentials," said the ISC note. "Several handlers have spent a little more time validating this particular issue and while it is a subtle exploit and rated a lower level risk, this issue has raised some of our neck hairs."
Bob Friday, Chief AI Officer for Juniper Networks, explains how the advanced technology is transforming operations.
Contact center leaders from 8x8, Awaken Intelligence, and 360insight discuss the importance of agent experience.
AI may force enterprises to rewire parts of their data centers so they are fully optimized to run such workloads. The question is do you use Ethernet or InfiniBand?
