Flaw and exploit code is publicly available
vnunet.com, 07 Jul 2005
Microsoft has updated a security advisory published in June, offering users a way to become immune to a highly critical flaw in Internet Explorer.
The flaw causes IE to crash or could allow hackers to take control of a user's system by placing specially created code on a website, according to Sec-Consult which first reported the flaw.
It affects current versions of IE on fully patched systems, and has been rated 'extremely critical' by security website Secunia.
Microsoft has confirmed the flaw. Exploit code is publicly available, but the software vendor claimed that it is not aware of any attacks using the exploit.
The workaround requires uses to manually prevent a .dll file from running, or to set the Windows internet security settings to 'high' to prevent ActiveX commands from being executed.
Although the workaround can reduce functionality and does not repair the actual flaw, it does prevent users from being affected.
Microsoft said that it is studying the flaw and will provide further information in the future, either through a refined workaround or a patch.
Beware updates bearing URLs
Document-level digital rights management in the pipeline
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
Join our live chat session on Thursday at 11am to...
Researchers from security firm FireEye have been able to effectively...
Do you agree?
Have your say on this article