XP下IE6爆漏洞，微软建议尽快升级Win7和IE8

Win7之家（ www.win7china.com）：XP下IE6爆漏洞，微软建议尽快升级Win7和IE8

微软正在调查IE浏览器新发现的安全漏洞。

微软可信赖计算事业部总经理Dave Forstrom星期三对法新社说，微软正在调查一个负责任地披露的IE浏览器中的安全漏洞。他说，我们目前还不知道任何利用这个安全漏洞实施的攻击或者用户受到的影响。但是，微软认为这个负责任地披露安全漏洞会减少用户的风险。

微软称，这个IE安全漏洞与谷歌披露的网络攻击无关，只对运行微软Windows XP操作系统的计算机有影响，Win7和Vista系统均无恙。微软劝告用户升级到最新的Windows7操作系统和IE 8浏览器。这些新的系统显著增强了防御黑客的能力。

Forstrom说，一旦我们完成这个调查，我们将采取适当的行动保护用户。这些措施包括通过每月发布的补丁提供一个安全更新、在补丁周期之外提供补丁或者提供额外的指南帮助用户保护自己。 

软媒特提供英文原文如下。

Microsoft investigates new Internet Explorer flaw

Microsoft said on Wednesday that it is investigating another flaw in Internet Explorer, this time a vulnerability that could result in an unauthorized disclosure of information for users running its browser on older operating systems.

The software maker said in a security advisory that, although it knows of no attacks based on the flaw, the vulnerability could lead to a Web-based attack from either a Web site designed to take advantage of the flaw or from a site that becomes compromised via user-generated text or a malicious ad. Either way, a user would have to actively go to the compromised Web site.

The flaw is separate from the one used to attack Google and other companies, which Microsoft addressed with an "out-of-band" security update last month.

The latest flaw could affect those running Windows XP and Internet Explorer on Windows XP. The software maker said those running the browser on a machine running Windows Vista or Windows 7 aren't vulnerable because the browser runs in a "protected mode" by default.

McAfee spokesman Joris Evers said that, although the latest issue doesn't allow the attacker to gain full control of a system, it nonetheless represents "a serious vulnerability that can expose personal information or system information that may be used in a follow up attack."

"Internet Explorer users should ensure they are protected against exploitation of this flaw and apply the patch when Microsoft releases it," Evers said.

Microsoft said it may take additional action when it finishes its inquiry, such as releasing an update as part of its monthly "Patch Tuesday" or as part of a special, out-of-band update. In the mean time, the software maker offered an automated "Fix It" that can turn on the protected mode for those running IE 6.