Microsoft releases patch for IE flaw
Published: 06 Feb 2003 09:13 GMT
Microsoft on Wednesday advised Internet Explorer customers to apply a patch for a vulnerability that could allow a Web site administrator to steal data or take control of a person's PC.
The flaw occurs in Internet Explorer's domain security, the technology that keeps applications running in the Internet domain from accessing data on the PC or local domain, for example.
"In the worst case, this vulnerability could allow an attacker to load a malicious executable onto the system and execute it," the advisory said. The update is available from Microsoft's Web site.
Internet Explorer uses security domains, or "zones", to limit what certain Web sites and HTML (Hypertext Markup Language) pages can do to a person's PC. From the most restricted to the least restricted, the zones are categorised as Restricted, Internet, Trusted and Local. By taking advantage of this flaw, a Web page could bypass the protections and use the local, or least restricted, zone.
The patch came two days after the software giant pulled a patch for its Windows NT 4.0 systems, MS02-071, released in December.
"We started getting back reports that some configurations were having problems," said Iain Mullholland, security program manager with Microsoft security response. "We don't take pulling a patch lightly. We are working on it as hard as we can."
While the occurrence doesn't happen often, Microsoft pulled a patch for Exchange in June 2001, after customers complained that the fix had broken their software.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
30 out of 92 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
