Tuesday, March 28, 2006

Internet Explorer Vulnerability

If you're using Internet Explorer, be advised Microsoft has released a
security advisory for Internet Explorer. This would allow an attacker
to run code under the context of the logged on user. The only
workaround is to disable active scripting, which isn't such a great
workaround because it breaks so many sites. You can find the Microsoft
Advisory here:

Microsoft Security advisory (917077)

There are a number of sites which are already using exploits for the
vulnerability, so if you haven't been lately, start practicing safe
browsing habits again. All that's required is a visit to activate the
exploit. If you're interested in potential patches, there are two out
by a couple of security companies. Neither fix the problem but instead
mask the vulnerability as fixing it would require changing Microsoft's
files. However, neither are supported by Microsoft (no big surprise).
Microsoft has previously said they plan on releasing an update on 4/11,
the normal monthly patch day, but who knows? They may move it up.
Read, consider risk, etc. As far as the two patches:

eEye Digital Security


And yes, this does affect up to Internet Explorer 7 beta.


Post a Comment

Links to this post:

Create a Link

<< Home