resource center
  See your link here
|
IDG News Service -
Microsoft Corp. raised the risk rating on a security flaw in Internet Explorer (IE) to "critical" after criticism prompted the company to re-examine the issue.
Last week, Microsoft issued a patch to fix a flaw in IE 5.5 and IE 6.0 that it said posed only a "moderate" risk to users. Security experts, however, said the issue should be rated critical because it could be exploited to take over a user's machine.
Microsoft reinvestigated the issue and discovered a new exploit scenario that indeed allows an attacker to gain control over a vulnerable system, Steve Lipner, director of security assurance at Microsoft, said in an e-mail response to questions.
"The newly-discovered exploit scenario ... could allow a malicious user to run code on a user's computer via a specially-crafted Web site or e-mail message, thus warranting a severity rating of critical," Lipner said. Microsoft said Friday it had revised its security bulletin MS02-068.
The flaw lies in a feature meant to set up security boundaries between Web browser windows and the local system. This "external object caching" vulnerability was first made public in late October by Israeli security company GreyMagic Software.
An attacker could exploit the flaw by luring a user to a specially coded Web page or by sending that page via HTML e-mail, Microsoft said. The company urged users to apply the patch, part of a superpatch that includes all previous IE 5.5 and IE 6.0 fixes, as soon as possible.
IDG.net
The State of PCI DSS Compliance at Organizations Today
Download this resource today!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
