Thank you, Microsoft. Some months I worry that I won't have much to write about. But the bug factory in Redmond almost assures me of permanent employment.
This month, Microsoft released its most recent cumulative patch for Internet Explorer versions 6.0, 5.5, and 5.01. The patch fixes six newly discovered holes, and it includes all previous security patches. But the patch had been out for less than a day before bug trackers discovered a problem.
Danish bug catcher Thor Larholm and Israeli researchers at GreyMagic Software say the fix for one of the worst bugs works only with IE 6--not with versions 5.5 or 5.01. The bad bug is called a cross-site scripting vulnerability. A hacker could craft a Web page or send an HTML e-mail message that ran as if it were in IE's Local Computer zone. Typically, this zone has lower security settings than IE's Internet zone.
If the Web link or e-mail contained nefarious code, and if you had IE's security set to the lowest setting, the devious code could take over your PC.
Microsoft claims the patch blocks all attacks, but the bug experts say that it stops such attacks only on IE 6. "We have an investigation under way and will respond appropriately," says Christopher Budd, a program manager with Microsoft's Security Response Center. That answer is Microsoft-ese for "We will issue more patches if necessary." No word yet on when or whether Microsoft will do so.
Aside from the fix for the cross-site scripting bug, the cumulative patch contains two others that Microsoft calls "critical." One flaw would allow someone to read (but not change or delete) the files on your PC. Another hole would let a malefactor send you a special cookie, either through a Web page that you click or via an HTML e-mail that you open; this evil cookie could read the contents of other cookies.
Your system is protected from e-mail attack through all three holes if you've installed the Outlook E-Mail Security Update or if you're running Outlook 2002 with the "Read as plain text" option enabled.
Jump to Microsoft's Security Bulletin for a link to the cumulative patch. While you're on this Web page, click the Technical Details link for the Outlook update download and for more details about the update.
Microsoft promises that all of these fixes will be included in the upcoming Service Pack 1 for IE 6.0, but the company hasn't said when the service pack will be available.





















