microsoft working to fix new internet explorer flaw

[taz1134]

http://www.detnews.com/2005/technology/ ... 287282.htm

 

 

 

 

 

 

 

 

 

 

 

for anyone not wanting to touch link

 

 

 

 

 

 

 

SEATTLE -- Microsoft Corp. was working Friday to come up with a fix for a flaw in its Internet Explorer browser that could let hackers gain remote access to computer systems through malicious Web sites.

 

 

 

 

 

 

 

A patch was not immediately available, though security experts played down the risk.

 

 

 

 

 

 

 

"If the user doesn't browse a malicious Web site, then the user isn't even under attack," said Gerhard Eschelbeck, chief technology officer at Qualys Inc., a security company based in Redwood Shores, Calif.

 

 

 

 

 

 

 

Stephen Toulouse, a program manager for the software maker's Security Response Center, said the component that's the root of the problem does not come standard in the Windows operating system.

 

 

 

 

 

 

 

In an update to a security advisory the company had issued the day before, Microsoft said Friday that machines running Visual Studio 2002 without the Service Pack 1 update, or Office 2003 with Service Pack 3, could be vulnerable.

 

 

 

 

 

 

 

Microsoft said it knew of no customers who had been attacked.

 

 

 

 

 

 

 

The company urged Internet users to be careful about opening up Web links in e-mails and said it would release a security update once it had completed its investigation.

 

 

 

 

 

 

 

Thursday's advisory came after a French security research team published a "proof-of-concept exploit" showing how hackers could take advantage of the vulnerability.

 

 

 

 

 

 

 

Without referring to the exploit specifically, Microsoft said the flaw "was not disclosed responsibly, potentially putting computer users at risk."

 

 

 

 

 

 

 

The disclosure came just days after a series of computer worms, programmed to take advantage of a flaw in Microsoft's Windows operating system, caused delays in operations at big companies and government offices.

 

 

 

 

 

 

 

------ On the Net: http://www.microsoft.com/technet/securi ... 06267.mspx

 

 

 

 

 

 

 

 

 

 

 

from link in last quote http://www.microsoft.com/technet/securi ... 06267.mspx

 

 

 

 

 

 

 

Microsoft Security Advisory (906267)

 

 

 

A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit

 

 

 

Published: August 18, 2005 | Updated: August 19, 2005

 

 

 

 

 

 

 

Microsoft is investigating new public reports of a possible vulnerability in Internet Explorer. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time. Microsoft is aggressively investigating the public reports.

 

 

 

 

 

 

 

The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. This COM Object is not marked safe for scripting and is not intended for use in Internet Explorer.

 

 

 

 

 

 

 

Customers who use the initial release of Microsoft Visual Studio 2002 are at risk from this vulnerability and are encouraged to apply Microsoft Visual Studio 2002 Service Pack 1 from the following download location. Customers who use Microsoft Office XP Service Pack 3, while not affected by default, may be at risk. See the Frequently Asked Question ÃÆââââ¬Å¡Ã¬Ãâ¦Ã¢â¬ÅI am running Microsoft Office XP Service Pack 3, am I affected by this vulnerability?ÃÆââââ¬Å¡Ã¬ÃâÃ

[____]

Heh, why am I not suprised. I'll give them a few months to patch this one.

 

 

 

Then another year to patch holes from last year which they just can't be arsed to fix since they're minor issues.

[bazza]

simple fix: Use firefox

[____]

simple fix: Use something other than Internet Explorer if you think you need to

 

 

 

 

 

 

 

 

 

 

 

Fixed.

[Mercifull]

simple fix: Use firefox

FF isnt the only browser unaffected by this flaw. Rick's post is more correct.

[Mercifull]

simple fix: Use firefox

FF isnt the only browser that is unaffected by the IE flaw. Rick's post is more accurate, and though I personally would reccomend Firefox, Opera for example would protect you just as well.