TechTarget

Microsoft bug could be worse than thought

A “moderate” level security bug in Microsoft’s Windows that was patched last month could point to more serious problems with the Internet Explorer browser, security experts have warned.

A “moderate” level security bug in Microsoft’s Windows that was patched last month could point to more serious problems with the Internet Explorer browser, security experts have warned.

The Sans Internet Storm Centre warned that the indexing service vulnerability patched by Microsoft in its MS06-053 security update could be just “the tip of the iceberg”.

Microsoft’s own security bulletin warned that the bug could allow hackers to get unauthorised access to information, which could in turn be used to further compromise an affected system. It described the bug as an “information disclosure vulnerability in the Indexing Service”.

But a post on the Internet Storm Centre’s handler’s diary warns that discussion of the bug has developed to a stage where “there is no ignoring that you do not need an Indexing Service, nor an IIS server in the picture, in fact all you need is Microsoft's browser”.

It pointed to references in an older Microsoft bulletin linked to MS06-053 that advised users to “disable page encoding auto-detection in Internet Explorer”.

The post argues that there is confusion over whether “this is a server problem or a client problem”. It warns that IE can automatically select a character set that includes the coding behind the Indexing Service bug.

It suggests users change the settings of the Internet Explorer browser to switch off its “autoselect” encoding feature.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close