Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Microsoft releases patch to plug IE vulnerability

The out-of-cycle patch is for a flaw that's already being exploited

December 1, 2004 12:00 PM ET

Computerworld - As expected, Microsoft Corp. today released an out-of-cycle security bulletin and patch designed to fix a critical hole in the Internet Explorer Web browser that is already being widely exploited by attackers.
The company also announced a change to Windows Update for three previously issued fixes from October for some users of Windows XP Service Pack 1.
The vulnerability addressed by Microsoft's latest bulletin, MS04-040, was first disclosed on Oct. 24 and exists in the iFrame tags of Internet Explorer. The buffer overflow flaw allows attackers to take complete control of a compromised system and can be exploited by getting users to visit Web sites where malicious code can be downloaded.
A proof-of-concept exploit named Bofra that takes advantage of the iFrame flaw has been available for several days and was used in launching attacks via banner ads last week that redirected users to rogue Web sites.
"We are aware of some proof-of-concept code and public attacks" that take advantage of the flaw, said Stephen Toulouse, security program manager at Microsoft's security response center. That's why Microsoft is urging users to apply the latest patch as soon as possible, he added.
The flaw doesn't affect users who have already installed XP SP2, he said.
Meanwhile, Microsoft today reissued three of its fixes from October for users of SP1 who may not have been offered the updates earlier. The problem involves SP1 users who may have downloaded the SP2 patch but have not installed it on their computers yet.
Microsoft's Windows Update and Automatic Updates service wouldnt have offered the October fixes automatically to such users, Toulouse said. Today's updates fixes the problem for those users.

Read more about spam, malware and vulnerabilities in Computerworld's Spam, Malware and Vulnerabilities Knowledge Center.



Jump to comments

Viruses

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs