Microsoft's Internet Explorer could inadvertently allow a hacker to read files on a person's computer, another problem for the company just days after a serious vulnerability received an emergency patch.
The problem was actually discovered as long as two years ago but has persisted despite two attempts by Microsoft to fix it, said Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. The issue could allow a hacker to read files on a person's computer but not install other code. Nonetheless, the problem represents a serious security issue, Medina said. It affects all of Microsoft's operating systems from Windows NT through Windows 7 and every version of IE, including the latest one, IE8.
Despite the fixes, Medina found ways to pull off the same attack. Since the issue involves features rather than vulnerabilities, it may be more difficult for Microsoft to permanently fix, Medina said. "Some of those features are kind of impossible to fix," Medina said.