Authored by a Symantec employee
What is it?
A serious vulnerability has been discovered in Internet Explorer that could potentially allow attackers to steal information from a website, as well as inject information into other websites. The vulnerability bypasses what is known as the Same Origin Policy in Internet Explorer, which is used to prevent scripts from one website reading or modifying data on another website. While there are no indications that this vulnerability has been exploited in the wild, there is concern that this vulnerability will allow attackers to craft an email containing a link to a compromised or malicious website. If a recipient were to click the link, the malicious website could allow the attacker to obtain sensitive information.
Who is affected?
Computers running Internet Explorer 11 on versions of Windows 7 and 8.1.
How do I stay protected?
If you are concerned about this vulnerability, it is recommended to switch to a different web browser like Mozilla Firefox or Google Chrome, until Microsoft issues a patch.
Microsoft has not yet issued a patch or security advisory for this vulnerability. We will update this post once we learn more.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.