Bug Poses Threat to Explorer Users

Microsoft tries to play down a problem which lets hackers target browser

Microsoft was forced to acknowledge that the security flaw, uncovered last week in the latest version of its Web browser Internet Explorer 3, is potentially serious.

The problem, discovered by a student in Massachusetts, could allow anti-Microsoft hackers to set up Web sites that would be destructive to Internet Explorer users but safe for all other browsers.

The flaw means Web page writers can use LNK and URL files to access programs on a remote computer without the victims knowing, and even if their Internet Explorer?s security level is set to high.

Microsoft admitted that users running Internet Explorer 3 or 3.1 for Windows 95 or Windows NT could be at risk from hackers, but it attempted to play down the problem by pointing out that the security breach could only be triggered by someone who intentionally sought to do so.

The company claims to have found a solution to the problem and says that it will be posting it on the Microsoft Internet Explorer Web page in the near future.

According to Dave Fester, product manager for Explorer, ?A Webmaster would have to know what the specific programs are on [the target?s] hard drive, as well as the path to use to activate through a link.?

The acknowledgement of the bug comes one month before the next version of the company?s browser, Internet Explorer 4, is due to ship in widespread beta.

A limited number of early beta testers received the product last week and are already complaining of early problems in the installation mechanism of the new browser.