Internet Explorer 11 on Windows 8.1 and Windows 7 is presently affected by a universal XSS flaw. This bug allows an attacker to craft a malicious website that can then inject or steal information, such as authentication cookies, from websites the victim interacts with.
Words sometimes only go so far to explain the nature of such an attack. This proof of concept harmlessly demonstrates the power at hand.
Microsoft has acknowledged the exploit and is working toward a fix. In the meantime, your options to protect yourself are limited. Since this is a flaw with the way the rendering engine enforces the same-origin policy, tricks like Enhanced Protected Mode and even the Enhanced Mitigation Experience Toolkit are going to be ineffective.
|1. BIF - $340||2. Ryu Connor - $250||3. mbutrovich - $250|
|4. YetAnotherGeek2 - $200||5. End User - $150||6. Captain Ned - $100|
|7. Anonymous Gerbil - $100||8. Bill Door - $100||9. ericfulmer - $100|
|10. dkanter - $100|
|SolidRun MicroSoM offers Braswell CPUs on a tiny package||10|
|Friday Night Shortbread||13|
|Doom's latest update adds Deathmatch and private matches||9|
|Rumor: Google to showcase mesh networking router soon||8|
|Deals of the week: SSD storage and a gaming laptop||15|
|Asus upgrades its G11 gaming desktops with Pascal power||9|
|Work with Pritchard again in Mankind Divided's System Rift DLC||5|
|Titanfall 2 PC requirements point to a smooth experience||33|
|DSFix creator Durante outlines the realities of game optimization||24|