Another bug got the better of Microsoft last week, days after a patch was posted on its site to deal with the Cybersnot issue.
This time three students from the University of Maryland announced that a bug was present in IE3.0 that could be activated simply by double clicking on an icon in a Web page.
The Maryland bug is similar to the Cybersnot variation in that it allows a hacker to launch applications without warning. The Maryland trio also claim that files on a hard drive are at risk of being modified or deleted without warning.
Microsoft's official line is that the two bugs are the same, but are executed in different ways. Andrew Lees director of desktop and Internet at Microsoft, said: "The information from the US is that these are one and the same. We take this very seriously and there is a fix at www.microsoft.com."
But the Maryland hackers disagreed.In a statement posted on their Web site they said: "This is not the same as the .LNK and .URL bug discovered recently." David Ross, one of the hackers, said: "The cybersnot bug uses .LNK and .URL files to access a computer but this bug exploits the fact that .isp script files may be downloaded and executed by Internet Explorer.
You need a different patch to deal with this bug."
Despite Lees' insistence that the two bugs are the same, a different patch was posted within 24 hours to deal with the Maryland bug.
Microsoft has acted swiftly to counter "overzealous reporting" of the bug issues by setting up an Email alias called [email protected] The mail alias will be monitored by Microsoft's security experts and is designed to allay any fears users of IE3.0 might have about the recent spate of security flaws.
Including a 15-inch Intel Core-powered device weighing less than a bag of sugar
Tuomo Suntola's ALD technology extended Moore's Law, but was only adopted by chip-makers in 2007
Trump proposes a $1.3bn fine and a round of firings to un-bork ZTE
Findings could mean new optical frequencies to transmit more data along optical cables