Microsoft has already confirmed in an emailed statement that Internet Explorer is affected by a security flaw that allows attackers to track users’ mouse position, but the company has now published a blog post to reveal that it’s also working on a fix.
According to our previous report, Internet Explorer versions 6 to 10 are all affected by a security glitch that could allow an attacker to track mouse movements and thus compromise sensitive information such as bank accounts and other private data.
Although Spider.io said it informed Microsoft about the flaw in October and the company refused to release a patch, the Redmond-based technology giant now explains that a fix should be released anytime soon.
“Over the last few days we’ve seen reports alleging abuse of a browser behavior regarding mouse position. Microsoft is working closely with other companies to address the concern of mouse position movement. From what we know now, the underlying issue has more to do with competition between analytics companies than consumer safety or privacy,” Dean Hachamovitch, corporate vice president, Internet Explorer, said in a blog post.
“We are actively working to adjust this behavior in IE. We take these risks very seriously,” he continued.
A Microsoft spokesperson told us that “there are no reports of active exploits or customers that have been adversely affected” because of the flaw. In addition, the company sees “very little risk to consumers at this time.”
While we don’t know the release date for the new patch, this new Internet Explorer vulnerability could allow an attacker to break into a vulnerable computer even if the browser is inactive, unfocused or minimized. According to Spider.io, at least two display ad analytics companies have already exploited the flaw “across billions of webpage impressions each month.”
Microsoft promises to provide more information on this topic in the near future, so we’ll keep you up to date.