Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
Microsoft Patches Six IE Security Holes
Vulnerabilities in latest versions of Web browser could allow attackers to run code on your PC.
Sumner Lemon, IDG News Service
Microsoft has released a patch that addresses six security vulnerabilities in its Internet Explorer browser, including a critical flaw that could allow an attacker to run code on a client machine. The patch is intended for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0.
Among the changes that are provided by the patch is a fix that closes a vulnerability in one of Internet Explorer's local HTML resources. One of the HTML files shipped with Internet Explorer contains a cross-site scripting vulnerability that could allow an attacker to execute a script on a user's computer, Microsoft says in a security bulletin issued Wednesday.
The patch also addresses two information disclosure vulnerabilities that could allow an attacker to read, but not add, delete, or change, data on a user's computer. Both the cross-site scripting vulnerability and the information disclosure vulnerabilities were rated as critical flaws by Microsoft.
The patch also fixes a zone spoofing vulnerability that could allow a Web page to be viewed in Internet Explorer's Trusted Sites zone, allowing an attacker's Web page to be viewed with fewer security restrictions on a user's PC.
Final Flaws
The final vulnerabilities that the patch fixes are two content disposition vulnerabilities that could allow an attacker to fool Internet Explorer into thinking a malicious download is safe. These vulnerabilities were rated "low" to "moderate" by Microsoft.
Besides the six vulnerabilities described by Microsoft, the patch also disables frames in Internet Explorer's Restricted Sites zone. As Outlook Express 6.0, Outlook 98, and Outlook 2000 with the Outlook Email Security Update and Outlook 2002 read email in the Restricted Sites zone by default, this change also disables frames in HTML e-mail that is read using any of these applications.
The change was made to eliminate the possibility that an HTML e-mail could automatically open a new window or download an executable file, Microsoft says.
The patch is available for download from Microsoft's Web site.
The Best of PC World
Save on Printing Costs
Featured APC Accessories
-
APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
-
APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.
People who read this also read:
Best Prices on LCD Monitors
T240HD Black 24" Widescreen LCD MonitorPrice: $246.00
2494SW Black 24" Widescreen LCD MonitorPrice: $209.99
T260HD 25.5" Widescreen LCD MonitorPrice: $305.00
VX2433wm Black 24" Widescreen LCD MonitorPrice: $199.95
2236VW Black 22" Widescreen LCD MonitorPrice: $160.83
F19 Black 18.5" Widescreen LCD MonitorPrice: $126.99
- 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
- A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.
