A newly discovered flaw in Microsoft Internet Explorer (IE) affects various IE releases, including the version in Windows XP Service Pack 2 (SP2), leaving users of the incredibly buggy browser open to attack. The flaw, which security firm Secunia disclosed this weekend, affects IE 6, 5.5, and 5.01 and Windows XP SP2 and SP1.
Secunia describes the flaw as "highly critical," which is apparently more serious than "critical" but less serious than "wicked critical." The firm says that it created a proof-of-concept attack based on the flaw, which requires users to drag and drop content from a malicious Web site onto their hard disks, thus bypassing IE's security-zone protection. Secunia recommends that IE users disable Active Scripting until Microsoft issues a patch. A more proactive solution would be to use a more secure Web browser: I recommend Mozilla Firefox .
Curiously, Microsoft is downplaying the flaw's risk, citing the amount of user interaction required to exploit it. "Given the significant amount of user action required to execute an attack, Microsoft does not consider this to be a high risk for customers," a Microsoft representative said, noting that the company is still investigating the flaw.
Meanwhile, a new version of Download.Ject that's circulating on the Web affects all pre-XP versions of Windows. Users who have upgraded to XP SP2 are invulnerable to the attack, according to security researchers. The original Download.Ject surfaced in June, and Microsoft modified SP2 to handle that style of attack.
An often irreverent look at some of the week's other news, including some more Windows 7 sales momentum, some Sophos stupidity, Microsoft's cloud computing self-loathing, more whining from the browser makers, Zoho's "Fake Office," and much, much more ...
Let Your Users Reset Their Own Passwords: Free Download Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.
Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!
Deep Dive into VMware vSphere, eLearning Series Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Previous
Register
