Skip to main content
  1. Home
  2. Computing
  3. News

HP reveals discovery of bugs in IE on phones that Microsoft still hasn’t fixed

By

microsoft bleeds ie users to google chrome on top by mid year internet explorer
Image used with permission by copyright holder
Using Internet Explorer has always been risky business for its diehards, as despite falling from grace as the world’s most popular browser, the fact that it was always pre-installed with Windows practically guaranteed that those who used it were less likely to be security concious — which in turn made it a boon for malware makers. That trend continues to this day, as HP has turfed up four new bugs that affect the mobile version of the Microsoft browser.

Discovered by HP’s TippingPoint division, the bugs were originally reported to Microsoft six months ago, giving the software giant fair warning in fixing them before it made the flaws public. However all of them still exist to this day and though Microsoft initially asked for an extension on its grace period to fix the flaws, HP decided to waive that option and has unveiled the bugs for all to see.

Related: Microsoft to axe Internet Explorer

Related

Each of the four exploits allow for the remote execution of code on a user’s smartphone, even if their version of Internet Explorer is fully patched and updated. They would need to visit specific sites with the browser to contract the malware, but once infected, clearing them out isn’t easy.

Microsoft has issued a statement on the matter, saying that it was “aware of the reports regarding Internet Explorer for Windows Phone. A number of factors would need to come into play, and no attacks have been reported. We continue to monitor the situation and will take appropriate steps to protect our customers.”

While some have questioned as to why the company hasn’t fixed up these problems, Ars suggests that it may be that Microsoft instead wanted to focus on fixing problems that arose from the Hacking Team revelations earlier this month. Though that doesn’t explain why it didn’t act months ago when the faults were originally raised.

Editors’ Recommendations

Topics
Jon Martindale
Jon Martindale
Computing Coordinator
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more