Microsoft patches month-old IE flaw

Microsoft has released an update to Internet Explorer to fix a security flaw that was discovered a month ago and has since been exploited to attack users.

The update fixes a problem in the way IE handles the "frame" and "iframe" HTML tags.

The problem was disclosed early last month and has since been exploited by a variant of the MyDoom worm and used to infect computers with variants of the Bofra worm.

Security experts warned in early November that code exploiting the security hole was circulating on the internet.

Attackers could gain complete control over a victim's computer by exploiting the flaw, according to Danish security company Secunia and Cert.

Microsoft, which has criticised the "irresponsible disclosure" of the vulnerability, released the update for its web browser outside of its normal monthly patching schedule and as soon as it could get it done, said Stephen Toulouse, a security program manager at Microsoft.

The scope of the attacks, however, was not widespread, according to Toulouse. Microsoft nevertheless deems the update "critical" and urges all users to install it immediately.

Windows XP users who have installed Service Pack 2 are not vulnerable, according to Microsoft.

On desktop systems, the vulnerability primarily affects IE 6 with SP1 when installed on several operating systems including XP, Windows 2000, and Windows 98. Several Windows NT Server 4.0 products are also vulnerable.

Joris Evers writes for IDG News Service
