Hunter Strategies LLC logo

Microsoft News Tracker

What's more interesting than observing Microsoft?

December 13, 2005

Microsoft issues critical security patch for Internet Explorer

Posted by David Hunter at 10:34 PM ET.

In today’s Patch Tuesday release, Microsoft issued two security updates, one of which was deemed “critical.” That one, MS05-054, is a cumulative patch for Internet Explorer which provides four fixes, including one for a bug that permitted drive-by malicious downloads. Microsoft did not, however, fix the cross site scripting flaw that had briefly exposed Google Desktop until Google did a workaround.

Available as usual via Microsoft Update or Windows Update or the enterprise equivalents.



Filed under Cross Site Scripting, Internet Explorer, Patch Tuesday, Security, Trojan Horses

Related posts:

 

December 2, 2005

Internet Explorer flaw exposes Google Desktop and more

Posted by David Hunter at 7:15 PM ET.

Nate Mook at BetaNews:

Internet Explorer is not having a good week. After the discovery of an unpatched flaw in the ubiquitous Web browser and code to exploit it prompted Microsoft to issue a public advisory, a new vulnerability has been found that puts users of Google Desktop at risk — even if they are running a fully patched system.

Uncovered by Israeli hacker Matan Gillon, the security hole involves a problem with the way IE imports cascading style sheets (CSS) from other Web sites, a technique referred to as cross site scripting (XSS). IE will import any type of file with a bracket, regardless of whether or not it’s valid CSS.

By combining the flaw with Google’s Desktop Search, a malicious Web site could read personal data off a visitor’s machine.

The vulnerability could extend beyond Google Desktop Search, however, to any service or application that relies on cross-domain security policies within Internet Explorer.

The exploit affects IE6 on Windows XP SP2 with all patches installed. Mozilla’s Firefox is not affected, nor is Opera, “because it doesn’t support the styleSheets collection,” said Gillon.

More by following the link



Filed under Cross Site Scripting, Internet Explorer, Security

Related posts:

 

News Search:

Recent Posts:

Daily Digest Email:

Enter your Email


Powered by FeedBlitz

Categories:

Full category list

Archives:

Archive List

RSS Feed:



HunterStrat Links:

Other:

  • Powered by WordPress.

Advertisements:


 

Related:


Misc: