News

Patch fails to fix all Explorer problems

Security researchers have advised users that a patch designed to address six serious security vulnerabilities in Microsoft 's Internet Explorer does not fix all the problems.

Security company GreyMagic Software stated that the patch, released on Thursday, only fixed version 6.0 of Internet Explorer. Users on version 5.0 and 5.5 were still exposed to potential hacking attacks

Another security expert, Thor Larholm, went further, suggesting that Microsoft had misunderstood the nature of the problem.

The patch was intended to correct a number of security issues in Internet Explorer 5.01, Internet Explorer 5.5 and Internet Explorer 6.0 including a fix that closed a vulnerability in one of Internet Explorer's local HTML (Hypertext Markup Language) resources.

According to Microsoft, the flaw could only be exploited when a user clicks on an HTML (Hyptertext Markup Language) link on a Web page or in an e-mail message.

But on his security Web site, Larholm claimed, "A successful attack requires that a user first click on a hyperlink. There is no way to automate an attack using this vulnerability."

He added that Microsoft appeared to have misunderstood a number of issues surrounding this vulnerability.

"Microsoft is aware of the issues and is investigating the reports," a Microsoft spokesman said. Microsoft maintained that the patch does what the company said, but it was also investigating the researchers' claims, the spokesman explained.

This is not the first time that a Microsoft patch has caused problems for users. Another IE patch, released in February, caused the browser to crash.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy