Advertisement
Promo

Security threats Toolkit

IE hit by more security flaws

Published: 18 Nov 2004 09:00 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft's Internet Explorer has become a turkey shoot for flaw finders.

This week, three more vulnerabilities were found in version 6.0 of the software giant's flagship Web browser, security information provider Secunia said on Wednesday. That brings the total number of IE vulnerabilities disclosed in the past two months to 19, including eight flaws fixed by Microsoft during its October patch cycle.

The latest flaws were found by two different researchers, Secunia said. Two could be used together to allow malicious content to bypass an mechanism in Microsoft Windows XP Service Pack 2 that alerts people about potentially harmful programs, Secunia stated. The third vulnerability could be used to overwrite the cookies of a trusted site to hijack a Web session, if the site handles authentication in an insecure manner, according to that advisory.

The flaws were rated "moderately critical" and "not critical", respectively, by Secunia.

"We have not been made aware of any active attacks against the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports," Microsoft said in a statement sent to ZDNet UK sister site CNET News.com.

The company said that customers who needed advice should visit its software security site and its PC Protect site for home users. Microsoft also criticised the researchers for publicising the flaws without allowing it to work to solve the problems first.

"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," the company said in the statement. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."

Security researchers and hackers, however, are not paying heed to the software giant's standard chastisement of public disclosure. In the past two months, flaw finders have publicised critical Internet Explorer vulnerabilities and a slew of security issues in Service Pack 2, the company's latest update to Windows XP.

Already, viruses have started to use the critical Internet Explorer flaw to spread.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
56 out of 122 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

4 comments

  1. All I can say is; I'm glad I changed to Firefox! Andy
  2. Ditto - but Opera Anonymous
  3. Ditto again but back to Firefox. We Ff users are s... NJ
  4. why do we have to pay for the developers mistake? Betty Preston

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters