Friday, December 2, 2005

Microsoft IE Bug resurfaces

This has been a tough week for the Microsoft security team. Four security related bugs were announced earlier this week, one of which was originally announced in May of this year. This causes alot of fingerpointing between cyber security experts and the software giant. Analysts claim the bug should've been fixed but was ignored by Microsoft. However, Microsoft claims the bug was not reported to them appropriately in the correct fashion and therefore did not gain the adequate attention it required.

The bug is exposed when a call to the Windows() function occurs from within the Javascript of a web page. Hackers would trick users into clicking a link that would launch a web page containing the malicous code and eventually give the hacker access to the system. Win2003 machines with SP1, having the default Enhanced Security Configuration activated are exempt from this vulnerability.

For more information, please go to http://www.computerworld.com/printthis/2005/0,4814,106638,00.html

No comments:

Post a Comment