- Recommend:
- 0 Comments
Microsoft Patches Six IE Security Holes
Vulnerabilities in latest versions of Web browser could allow attackers to run code on your PC.
Microsoft has released a patch that addresses six security vulnerabilities in its Internet Explorer browser, including a critical flaw that could allow an attacker to run code on a client machine. The patch is intended for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0.
Among the changes that are provided by the patch is a fix that closes a vulnerability in one of Internet Explorer's local HTML resources. One of the HTML files shipped with Internet Explorer contains a cross-site scripting vulnerability that could allow an attacker to execute a script on a user's computer, Microsoft says in a security bulletin issued Wednesday.
The patch also addresses two information disclosure vulnerabilities that could allow an attacker to read, but not add, delete, or change, data on a user's computer. Both the cross-site scripting vulnerability and the information disclosure vulnerabilities were rated as critical flaws by Microsoft.
The patch also fixes a zone spoofing vulnerability that could allow a Web page to be viewed in Internet Explorer's Trusted Sites zone, allowing an attacker's Web page to be viewed with fewer security restrictions on a user's PC.
Final Flaws
The final vulnerabilities that the patch fixes are two content disposition vulnerabilities that could allow an attacker to fool Internet Explorer into thinking a malicious download is safe. These vulnerabilities were rated "low" to "moderate" by Microsoft.
Besides the six vulnerabilities described by Microsoft, the patch also disables frames in Internet Explorer's Restricted Sites zone. As Outlook Express 6.0, Outlook 98, and Outlook 2000 with the Outlook Email Security Update and Outlook 2002 read email in the Restricted Sites zone by default, this change also disables frames in HTML e-mail that is read using any of these applications.
The change was made to eliminate the possibility that an HTML e-mail could automatically open a new window or download an executable file, Microsoft says.
The patch is available for download from Microsoft's Web site.
Would you recommend this story? YES NO
- Recommend:
- 0 Comments
-
ThinkPad Edge E420 Lenovo Style in an Affordable Package
Buy now direct from Lenovo -
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo -
ThinkPad X120e One of the best netbooks ever, X120e has the best netbook keyboard ever--nothing else comes close
Buy now direct from Lenovo
-
Patch Internet Explorer Now
-
Microsoft Issues Emergency Security Patch For IE
-
Patch Tuesday Defined by Flaws That Aren't Fixed
-
Windows Phone 7.5 SMS Vulnerability Can Disable Messaging
-
Critical Patch Tuesday Flaw Easy to Exploit
-
Patch Tuesday Fixes Dangerous Flaws with Exploits Imminent
-
Bugs and Fixes: Adobe gives Users Privacy Controls; Skype Patches Extremely Dangerous Vulnerability
-
Inspiron 15 Laptop Computer- IntelCore i3-390M Processor (2.66GHz, 4Threads, 3M cache) See All Prices
-
Inspiron 14z 14" Black Notebook - Customizable See All Prices
-
XPS 17 17.3" Silver Notebook - Customizable See All Prices
-
XPS 15 15.6" Silver Notebook (2.2 GHz Intel Core i7-2670QM, 8 GB DDR3, 750 GB HDD, BD-ROM/DVDRW DL, NVIDIA GeForce GT 540M, Windows 7 Home Premium, LED Backlight) See All Prices
- 12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
- Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.
-
Liberties Groups Rap Google's Skirting of Safari's Privacy Protections
-
Twitter Enables HTTPS by Default
-
Google's Safari Tracking Debacle: Reality Check
-
Tax Prep? There's an App for That, Too
-
Privacy Tussle Brews Over Social Media Monitoring
-
Motorola's Android OS Upgrade Timeline Is Mostly Bad News
-
Android 5.0 Jelly Bean Mobile Operating System May Arrive in Spring 2012
-
Google Working on Password Generator for Chrome
-
How Secure is My Facebook Information?
-
Google Chrome Update Fixes High-Severity Vulnerabilities, Patches Flash Player
-
Facebook to Verify Accounts, Allow Use of Nicknames
-
Adobe Confirms New Zero-day Flash Bug
Ad Choices