Microsoft exposes serious IE vulnerability

• Tags:
• Security,
• Hole,
• Flaw

John McCormick

Published: 29 Nov 2005 17:45 GMT

• 
• 
• 
• 
• 

...unauthorised installation of computer software, to require clear disclosure to computer users of certain computer software features that may pose a threat to user privacy, and for other purposes."

Known as the SPY BLOCK Act, this legislation is currently making its way through Congress. While this bill is not likely to stop spyware, it might reduce the number of multinational companies that decide to intentionally plant it on users' systems.

Sober returns
There has been a considerable increase in the number of significant virus and worm attacks in the past two weeks. After several slow, quiet months on the virus front, the Sober worm has returned with a vengeance.

Over the past week, variants have spread across the world, wreaking havoc in undefended systems. The X variant has even made Symantec's threat list, scoring a 3 out of 5 for its risk rating — the first such threat level I've seen in quite a while.

Other Sober variants — including S, T, V, and W — have scored a 2 rating. Of course, Sober is far from the only threat. The Linux.Plupii.B threat has also earned a 2 rating, as have a couple of Mytob variants.

Xbox experiences glitches
Only one day after the release of Microsoft's Xbox 360, reports surfaced of problems with the much-anticipated video game console. Apparently, the many crashes reported with the Xbox 360 mostly have to do with overheating.

Any additional cooling measures, such as pointing a fan at it, playing outdoors here in the northern states, or mounting it in such as way as to maximise heat dissipation, seem to reduce problems to manageable levels. I'll bet Microsoft is glad it's about to release those 300,000 models in Europe.

Final word
In a week when reports abound of serious problems with the Xbox 360 (serious enough that I've dropped plans to buy one for now), Microsoft didn't need to remind people that it may be ignoring some very serious known vulnerabilities in its browser. It's certainly bad enough that, just as Cyber Monday (the most intense online shopping day of the year) is upon us, we learn that a serious threat lurks hidden in most versions of Internet Explorer.

It is far worse to learn that the company knew about the vulnerability as early as May — and did absolutely nothing about it publicly. Of course, Redmond likely did nothing about it internally either, or we wouldn't be waiting for the company to determine how and when to patch it.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed