
Protect your 'zones'
By Robert Lemos
Published: 6 February 2003 11:23 GMT
Microsoft on Wednesday advised Internet Explorer users to apply a patch for a vulnerability that could allow a website administrator to steal data or take control of a person's PC.
The flaw occurs in Internet Explorer's domain security, the technology that keeps applications running in the internet domain from accessing data on the PC or local domain, for example.
"In the worst case, this vulnerability could allow an attacker to load a malicious executable onto the system and execute it," the advisory said. The update is available from Microsoft's website.
Internet Explorer uses security domains, or 'zones', to limit what certain websites and HTML (Hypertext Markup Language) pages can do to a person's PC. From the most restricted to the least restricted, the zones are categorised as Restricted, Internet, Trusted and Local. By taking advantage of this flaw, a web page could bypass the protections and use the local, or least restricted, zone.
The patch came two days after the software giant pulled a patch for its Windows NT 4.0 systems, MS02-071, released in December.
"We started getting back reports that some configurations were having problems," said Iain Mullholland, security programme manager with Microsoft security response. "We don't take pulling a patch lightly. We are working on it as hard as we can."
While the occurrence doesn't happen often, Microsoft pulled a patch for Exchange in June 2001, after customers complained the fix had broken their software.
Trouble shoot and fix technical problems, liaising with product management and technical support to organise a patch if necessary. Websphere IT ...
Other activities would include booking and scheduling rig usage, ensuring all Government Furnished Equipment remains traceable and ensuring currency ...
Responsibilities: - Deliver security assessment services including network scanning, vulnerability testing, penetration testing, search engine ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…
Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...