- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Microsoft raised the risk rating on a security flaw in Internet Explorer (IE) to "critical" after criticism prompted it to reexamine the issue, the company said Friday.
Earlier last week, Microsoft issued a patch to fix a flaw in IE 5.5 and IE 6.0 that it said only posed a "moderate" risk to users. Security experts, however, said the issue should be rated critical as it could be exploited to take over a user's machine.
Microsoft reinvestigated the issue and discovered a new exploit scenario that indeed allows an attacker to gain control over a vulnerable system, Steve Lipner, director of security assurance for Microsoft said in an e-mail response to questions.
"The newly discovered exploit scenario… could allow a malicious user to run code on a user's computer via a specially crafted Web site or e-mail message, thus warranting a severity rating of critical," Lipner said. Microsoft has revised its security bulletin.
The flaw lies in a feature meant to set up security boundaries between Web browser windows and the local system. This "external object caching" vulnerability was first made public in late October by Israeli security company GreyMagic Software.
An attacker could exploit the flaw by luring a user to a specially coded Web page or sending that page via HTML e-mail, Microsoft said. The company urges users to apply the patch, part of a super patch that includes all previous IE 5.5 and IE 6.0 fixes, as soon as possible.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment