News

Microsoft patches month-old IE flaw

Microsoft has released an update to Internet Explorer to fix a security flaw that was discovered a month ago and has since been exploited to attack users.

The update fixes a problem in the way IE handles the "frame" and "iframe" HTML tags.

The problem was disclosed early last month and has since been exploited by a variant of the MyDoom worm and used to infect computers with variants of the Bofra worm.

Security experts warned in early November that code exploiting the security hole was circulating on the internet.

Attackers could gain complete control over a victim's computer by exploiting the flaw, according to Danish security company Secunia and Cert.
 
Microsoft, which has criticised the "irresponsible disclosure" of the vulnerability, released the update for its web browser outside of its normal monthly patching schedule and as soon as it could get it done, said Stephen Toulouse, a security program manager at Microsoft.

The scope of the attacks, however, was not widespread, according to Toulouse. Microsoft nevertheless deems the update "critical" and urges all users to install it immediately.

Windows XP users who have installed Service Pack 2 are not vulnerable, according to Microsoft.

On desktop systems, the vulnerability primarily affects IE 6 with SP1 when installed on several operating systems including XP, Windows 2000, and Windows 98. Several  Windows NT Server 4.0 products are also vulnerable.

Joris Evers writes for IDG News Service


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy