Microsoft warned on Wednesday that a flaw in its Internet Explorer browser gives attackers access to files stored on a PC under certain conditions. Microsoft warned on Wednesday that a flaw in its Internet Explorer browser gives attackers access to files stored on a PC under certain conditions.“Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location,” Microsoft said in a security advisory.The vulnerability requires that an attacker knows the name of the file they want to access, it said.The disclosure is the latest security problem to affect IE. Last month, an undisclosed vulnerability in IE 6 was used in attacks that targeted more than 20 U.S. companies, including Google, which blamed China. The vulnerability has since been fixed by Microsoft. The attacks led Google to announce last week that it would phase out support for IE 6, starting with Google Apps and Google Sites in March.The IE vulnerability disclosed on Wednesday, which is caused by incorrectly rendering local files in the browser, affects several versions, including Internet Explorer 5.01 and IE 6 on Windows 2000; IE 6 on Windows 2000 Service Pack 4; and IE6, IE 7, and IE 8 on Windows XP and Windows Server 2003, Microsoft said. “Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008,” it said.Microsoft hasn’t seen any attacks that exploit the flaw and has yet to decide whether to repair the flaw through its monthly security patch release cycle or an urgent, out-of-cycle update. Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills Careers Security news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe