AT&T Tech Support 360
August 29, 2005 10:30 PM PDT
Microsoft investigates another IE flaw report
- Related Stories
-
Microsoft: New IE flaw limited in scope
August 19, 2005 -
IE flaw opens door to infection on sight
August 9, 2005 -
Windows flaw reaches beyond XP
July 18, 2005 -
Windows flaw could spawn DoS attacks
July 15, 2005
The problem affects Internet Explorer 6--the latest version of Microsoft's Web browser--on computers running Windows XP with Service Pack 2 and all security patches installed, Tom Ferris, an independent security researcher in Mission Viejo, Calif., said in an interview Monday. Other versions of Windows and IE may also be vulnerable, he said.
The security hole allows for "full-blown remote code execution," Ferris said. "If a user browses to a bad Web site, malicious software can be installed on their PC without their knowledge."
Ferris claims credit for discovering the problem and said he informed Microsoft of the flaw on Aug. 14. He reported some basics of the bug on his Security Protocols Web site Saturday, but he is not sharing more details to prevent information from getting into the wrong hands.
A Microsoft representative late Monday confirmed the company received Ferris' report. The Redmond, Wash., software giant can't confirm whether the flaw exists, but it is investigating the report, the representative said. "At this time, there are not any attacks, and there are not any risks" to users, she said.
Ferris said he provided Microsoft with details on the bug, including computer code to prove the existence of the problem. On his Web site, Ferris shows a screen shot of a crashing IE 6 Web browser, which he said was caused by the same bug.
Upon completion of the investigation, Microsoft will take the appropriate action to protect users, the representative said. This may include providing a security update through its monthly patch release or providing an out-of-cycle security update, she said.
There are several unpatched vulnerabilities in IE 6, according to Secunia. The security monitoring company has issued 69 alerts on the Web browser since 2003; almost one-third of those security bugs remain unpatched, according to Secunia's Web site. Secunia has yet to put out an advisory on this latest IE security issue.
Ferris has found bugs in Microsoft software before. Earlier this month, Microsoft credited him with reporting a bug in a Windows feature called the Remote Desktop Protocol that could allow an attacker to remotely restart Windows systems.
Ferris recommends people pick a different Web browser or use caution when surfing the Web to protect against any exploitation of the latest IE flaw and other browser bugs. Microsoft, as always, urges users to apply all available software patches and run updated security software.
See more CNET content tagged:
Microsoft Internet Explorer 6,
Microsoft Internet Explorer,
bug,
malicious code,
security
history has taken so much out of society's pockets, and ruined
their days off fixing more crap. The solution is not to stop using
IE, it is to STOP using Windows. Microsoft sucks, can I say it any
louder for you poor slobs that cant say "SH*T" with a
mouthful....WINDOWS SUCKS, get over your lame professions
that this OS is Ok, and that smart users "patch" their systems.
Have you not learned by now that its not going to end. Lets see,
I patched my Apple PowerBook once or twice a month, does it
get bitten weekly by bugs, viruses, worms, or trojans NOPE!!! In
this world, trojans are for when youre having "safe" fun, but for
PC losers its the sign of bad birth control, Bill Gates birthed a
"lemon" on the world. Go ahead, admit it, you bought junk.
Hahahaha. You really ought to buy a Macintosh and learn what
stability and trouble free computing is all about. Poor suckers.
Bill Gates loves you though, I am sure he's got a big present for
you this holiday, keep waiting for it, its in the mail.......;-)
history has taken so much out of society's pockets, and ruined
their days off fixing more crap. The solution is not to stop using
IE, it is to STOP using Windows. Microsoft sucks, can I say it any
louder for you poor slobs that cant say "SH*T" with a
mouthful....WINDOWS SUCKS, get over your lame professions
that this OS is Ok, and that smart users "patch" their systems.
Have you not learned by now that its not going to end. Lets see,
I patched my Apple PowerBook once or twice a month, does it
get bitten weekly by bugs, viruses, worms, or trojans NOPE!!! In
this world, trojans are for when youre having "safe" fun, but for
PC losers its the sign of bad birth control, Bill Gates birthed a
"lemon" on the world. Go ahead, admit it, you bought junk.
Hahahaha. You really ought to buy a Macintosh and learn what
stability and trouble free computing is all about. Poor suckers.
Bill Gates loves you though, I am sure he's got a big present for
you this holiday, keep waiting for it, its in the mail.......;-)
If you haven't learned by now that IE is near the root of all Windows
disasters, learn it now. Delete IE functionality (You can;t get rid of
the code due to MS's Marketing driven misdesign of the WIndows
OS) and move to a real browser.
It really doesn't take any skill or experience to make the shift.
If you haven't learned by now that IE is near the root of all Windows
disasters, learn it now. Delete IE functionality (You can;t get rid of
the code due to MS's Marketing driven misdesign of the WIndows
OS) and move to a real browser.
It really doesn't take any skill or experience to make the shift.
Usually its been "this exploit could allow an attacker to take complete control of your computer"
Security is improving.
<end sarcasm>
Usually its been "this exploit could allow an attacker to take complete control of your computer"
Security is improving.
<end sarcasm>
- I can provide them with a bunch of screenshots...
-
by fred dunn
August 31, 2005 10:02 AM PDT
- of IE crashing, So what.
-
Reply to this comment
-
-
See all 56 Comments >>