Windows
Windows

Doubts raised over Microsoft patches

Danish firm finds flaws in security fixes

Iain Thomson

vnunet.com, 25 Nov 2002

Security patches released by Microsoft last week may not completely protect users, according to a Danish security consultancy.

Microsoft security alert 65 and alert 66 deal with the Windows operating system and Internet Explorer, and are rated 'critical' and 'important' respectively.

Advertisement

Alert 66, a bundled software patch for Internet Explorer versions five and six, is aimed at fixing six specific faults in the browser.

Simon Conant, of Microsoft product support services, said: "If users update with this patch they will be covered for all the currently known security flaws.

"They'll still need to use patch 65 as well as that's not a specific Internet Explorer patch but can affect the software."

But Danish security company Secunia said it has identified flaws with both patches.

Microsoft has admitted patch 65 may not be fully effective in certain circumstances, but it has made no mention of problems with patch 66.

Although patch 65 does offer a broad solution it is still vulnerable to malicious websites and HTML emails. If the browser downloads ActiveX controls automatically it might be possible to reintroduce malicious code.

The software giant has suggested that users remove its software from the Trusted Publisher list and check the software's origin before downloading.

Part of the flaw in patch 66 means it is still possible for a website to run an executable that is stored on a system.

This could allow an outsider to view the contents of a previously identified file and view the clipboard.

Secunia spotted the flaws while installing and checking the patches. Details of how to fix them can be found here.

"I was very shocked at the problems, particularly with alert 65," said Thomas Kristensen, chief technical officer of Secunia.

"We noticed the problems and only then did we find them mentioned in the FAQ. The only way around them is to manually install all digital certificates after checking their veracity, and who wants to do that?" he said.

Microsoft could not provide a comment on Secunia's discoveries by the time of going to press.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Windows security flaw is 'critical'

Users urged to download patch

Microsoft slammed over IE flaws

Security consultancy adamant that vulnerabilities pose serious threat

Security is everyone's responsibility

E-commerce minister Stephen Timms writes exclusively about the need for clear security guidelines if future generations are to benefit.

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

More video

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

a padlock

Microsoft to plug security holes

Microsoft has given advance warning of a number of security...

Nokia handset

Top 10 articles, 10 July 09

No Nokia Android phone, ActiveX attacks and Google enters into...

Can Google beat Microsoft at its own game?

Google's announcement this week that it plans to step into...

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Primary Navigation