All the latest UK technology news, reviews and analysis
|
|
|
11 Dec 2008
A new attack targeting Internet Explorer 7 has been reported.
The attack is said to target an unpatched flaw in IE7 and is carried out by way of a specially-crafted XML file.
According to Sans researcher Bojan Zdrnja, the exploit was not addressed by Tuesday's monthly security update and is believed to affect both Windows XP and Server 2003.
The researcher explained that the flaw targets a component in IE7 that handles XML tags. When the page confirms that the user is running a vulnerable browser and operating system, a specially crafted tag is loaded.
Zdrnja said that the attack is not believed to be widespread, but public exploit code has been made available. He also noted that a special feature of the attack, waiting six seconds to launch, could make the exploit even more potent.
"This was probably added to thwart automatic crawlers by anti-virus vendors, " Zdrnja said of the feature.
A Microsoft spokesperson told vnunet.com that the company is investigating reports of an Internet Explorer vulnerability.
If confirmed the IE flaw would be the second unpatched vulnerability to emerge for a Microsoft product this month. Attached to yesterday's security release was a note from the company that a flaw in Word 97 had yet to be patched as well.
Though the company prefers to release patches on a monthly basis to lighten the maintenance burden on administrators, special out-of-cycle updates are sometimes released when a high-risk or widespread security issue is reported.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Project Manager (BI) 6 Months Contract – to...
Desktop Support Manager 3 month contract - to start...
/ Programme Manager / 45k / Significant benefits / London...
Automation Test Manager Selenium London 75k Automation...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Comment from a website designer
Speaking as a freelance website designer, this honestly is just more proof that Internet Explorer is a bag of spanners and is over ridden with flaws. Everyone browsing the web really deserves better. I would recommend people to download and switch to the free 'Firefox 3.0' as it really will make your web browsing more secure, faster and enjoyable.
Posted by: Mahesh 16 Dec 2008
Monthly Release Lightens Load?
How does monthly release correlate to lightening administration load? Of course it does not. If one computer in a network is infected with malware, I'm certain the stress and work to repair that one computer -and ensure all others on network are not harboring same malware (for later re-infection) is as much or more work than distributing a patch. MS logic is flawed. It is easier to keep something maintained and healthy than to repair it!
Posted by: Reed Bailey 11 Dec 2008