Internet Explorer XSS Vulnerability now Public: About XSS Threats

Earlier this month, security researcher David Leo disclosed a new vulnerability found in Microsoft Internet Explorer. The vulnerability was initially reported in October but was not addressed by Microsoft. According to reports, the severe security flaw allowed the same origin policy of the browser to be violated, which could let attackers steal user credentials or deploy phishing attacks via different websites. The vulnerability is known as a universal cross-site scripting (XSS) flaw.

What is Cross-site Scripting?

Cross-site Scripting (XSS) is an attack found in websites and/or web applications that accept user input. Examples of these include search engines, message boards, login forms, and comment boxes. Web forms like those that return an error message, for example, make it possible for attackers to exploit this vulnerability by adding malicious code to these functions. This allows the malicious code into the targeted website’s content, making it a part of that website, and thus affecting users who visit or view the site.

Websites that are compromised through XSS can cause a number of threats to a user’s system. The impact may vary from a display of inappropriate content to allowing malware downloads without the user’s knowledge. Additionally, because attackers can turn trusted websites into malicious ones, this can cause damage to the reputation of the website owner. While XSS problems cannot be directly addressed by users, there are several ways to prevent being a victim. Here are suitable tips for web developers, IT admins, and users on how to avoid an XSS attack:

For Website developers

  • Always keep software updated to their latest versions
  • Regularly examine the process of web applications to trace possible exploits
  • Introduce security products such as Web Application Firewall (WAF) and XSS filtering

For Users

  • Use security with web reputation
  • Access websites by directly typing in its URL and avoid blindly clicking on third-party links without verifying them first
  • Make sure to update system software and applications to prevent secondary vulnerability exploitation
  • Avoid clicking on links from unknown users on sites, emails or posts on message boards. This may lead to compromised pages
  • Don’t forget to update to the latest browser version

For IT Admins

  • Introduce comprehensive security products in end-point environments and update to the latest versions
  • Block suspicious traffic going to external sites from the network

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.