Microsoft is investigating a flaw in Internet Explorer that could show mouse movements any attacker even when the browser window is in the foreground.
Security firm claims to have discovered failure for months Microsoft’s browser that allows the user to control the activities with the mouse and the virtual keyboard without your consent. The bug would be present in all versions of Internet Explorer from the 6, which means that the potential number of users affected would be really high worldwide.
To exploit this flaw is used advertising inserted into any web page. Once shown the ad, left open the possibility that they perform a monitoring of the movements of the user with the mouse, if the page is still open on the user’s computer. This means that a hacker could complete track user activity even if the browser window is not in the foreground, or even when minimized .
This security hole is being used by companies advertising analysis web to evaluate the effectiveness of the ads and see the movements of users after seeing the ads. However, leaving aside the implications of this activity in the privacy of users, the most dangerous is that it can be used by almost anyone and through any website where you can place ads.
The ruling would expose all users’ movements throughout their activity on the computer while the browser is running, for example to access their bank accounts online and use the onscreen virtual keyboards that many institutions use instead of physical keyboard of the computer to increase the security of access to the bank.
Although Microsoft conveniently informed of this fact, the company has not yet developed a patch that solves this problem. In fact, published a blog post on the official Internet Explorer to admit they know the problem and are investigating the situation. Literally say “what we know so far, the problem has more to do with competition between analytical companies with privacy or security of consumers’.
Meanwhile, Microsoft has released twelve security updates in seven bulletins to address some known bugs of various products. These include vulnerabilities in Internet Explorer , but not expected to follow the mouse movements and keyboard-, Windows 8, Windows RT, Word andExchange .
Updates to Internet Explorer and Word are found to be the most reviews , but they all resolve vulnerabilities that allow an attacker to execute code on the user’s computer and remotely victim without their knowledge.