Microsoft downplays IE flaw that allows mouse tracking

Microsoft says it is investigating reports of a vulnerability in multiple versions of Internet Explorer

Microsoft says it is investigating a possible bug in Internet Explorer that allows others to follow the position of your mouse cursor on screen, even if IE is minimized.

Researchers at, an advertising analytics firm, discovered the function and reported it to Microsoft in early October. They identified a vulnerability in Internet Explorer, found in versions 6 through 10, that enables people to track the mouse cursor anywhere on a display, which could compromise the security of virtual keyboards and virtual keypads.

Microsoft acknowledged the issue, but did not address it in the latest patch update for the browser. So far, Microsoft claims its evidence indicates that sites can view only the mouse state, but not the actual content that the user is interacting with.

The company now says it is working closely with other companies to address the vulnerability.

"From what we know now, the underlying issue has more to do with competition between analytics companies than consumer safety or privacy," said Dean Hachamovitch, a Microsoft vice president who oversees IE, in a blog post.

"We are actively working to adjust this behavior in IE. There are similar capabilities available in other browsers. Analytics firms can expect to do viewpoint detection in IE similarly to how they do this in other browsers," Hachamovitch added. "The only reported active use of this behavior involves competitors to providing analytics." The theoretical use of this behavior to compromise the safety or privacy of consumers is something Microsoft's security team has discussed with researchers across the industry.

Hachamovitch says that getting all the right pieces in order to exploit this vulnerability is hard to imagine, and that there is very little risk to consumers at this time.

Stories by Daniel Ionescu
