Internet Explorer 'mouse tracking' flaw under Microsoft investigation

IE10
The mouse problem isn't too bad, Microsoft says

A new report surfaced on Wednesday indicating there was a massive flaw in Internet Explorer which allowed mouse cursor movement to be tracked.

The apparent JavaScript problem allowed IE to detect mouse movements even when a window was inactive or minimized.

Analytic firm Spider.IO found Internet Explorer 6 through 10 were guilty of the flaw, and even claimed, "the vulnerability is notable because it compromises the security of virtual keyboards and virtual keypads."

The firm also disclosed two ad firms were known to use the exploit, though the flaw didn't allow for clicks to be tracked, nor could it determine what programs were open on the PC at the time.

Microsoft has since addressed the complaint, and fired back its own analysis of the problem, disputing some of Spider.IO's claims.

IE still safe and secure

In a IEBlog post published Thursday, Microsoft revealed what it knew about the issue, and how developers were working on a solution.

"From what we know now, the underlying issue has more to do with competition between analytics companies than consumer safety or privacy," said Dean Hachamovitch, corporate vice president, Internet Explorer.

According to Hachamovitch, Microsoft believes Spider.IO only brought the issue up to deal with potential competitors, which would explain the knowledge of the two supposed agencies using the exploit.

Hachamovitch further explained the lengths to which Microsoft was going to ensure the safety of Internet Explorer and its users, and claimed it would take a lot of effort on the part of an intruder to take advantage of the flaw.

"The theoretical use of this behavior to compromise the safety or privacy of consumers is something Microsoft's security team has discussed with researchers across the industry," Hachamovitch stated.

"Getting all the pieces to line up in order to take advantage of this behavior... is hard to imagine."

Just to make sure minds were at ease, he also reassured that security experts that researched the problem found no danger for any consumers using the web browser.

"From our conversations with security researchers across the industry, we see very little risk to consumers at this time," Hachamovitch concluded.

Though Microsoft still hasn't been able to completely eradicate the tracking flaw, it would appear that everyday use of Internet Explorer won't create any additional vulnerabilities for its users.

Via Engadget, The Verge