TechTarget

Microsoft upgrades Explorer flaw to critical

Microsoft raised the risk rating on a security flaw in Internet Explorer from "moderate" to "critical", after security experts...

Microsoft raised the risk rating on a security flaw in Internet Explorer from "moderate" to "critical", after security experts insisted the rating should be upgraded.

Earlier last week, Microsoft issued a patch to fix a flaw in IE 5.5 and IE 6.0. However, after alerts from security advisers, it reinvestigated the issue and discovered a new exploit scenario that allows an attacker to gain control over a vulnerable system.

"The newly discovered exploit scenario could allow a malicious user to run code on a user's computer via a specially crafted Web site or e-mail message, thus warranting a severity rating of critical," Steve Lipner, director of security assurance for Microsoft said. Microsoft has revised its security bulletin MS02-068.

The flaw lies in a feature meant to set up security boundaries between Web browser windows and the local system. This "external object caching" vulnerability was first made public in late October by Israeli security company GreyMagic Software.

An attacker could exploit the flaw by luring a user to a specially coded Web page or sending that page via HTML e-mail, Microsoft said. The company urged users to apply the patch - part of a super patch that includes all previous IE 5.5 and IE 6.0 fixes - as soon as possible.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close