You are here: silicon.com > Software > Malware

Malware

IE security concerns mount up

Does anyone still use this browser?

Tags: security flaws, secunia, internet explorer

Printer Friendly Email Story RSS

By Robert Lemos

Published: 18 November 2004 09:50 GMT

Microsoft's Internet Explorer has become a turkey shoot for flaw finders.

This week, three more vulnerabilities were found in version 6.0 of the software giant's flagship web browser, security information provider Secunia said on Wednesday. That brings the total number of IE vulnerabilities disclosed in the past two months to 19, including eight flaws fixed by Microsoft during its October patch cycle.

The latest flaws were found by two different researchers, Secunia said. Two could be used together to allow malicious content to bypass an mechanism in Microsoft Windows XP Service Pack 2 that alerts people about potentially harmful programs, Secunia stated. The third vulnerability could be used to overwrite the cookies of a trusted site to hijack a web session, if the site handles authentication in an insecure manner, according to that advisory.

The flaws were rated "moderately critical" and "not critical", respectively, by Secunia.

Microsoft said in a statement: "We have not been made aware of any active attacks against the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports."

The company said that customers who needed advice should visit its software security site and its PC Protect site for home users. Microsoft also criticised the researchers for publicising the flaws without allowing it to work to solve the problems first.

"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," the company said in the statement. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."

Security researchers and hackers, however, are not paying heed to the software giant's standard chastisement of public disclosure. In the past two months, flaw finders have publicised critical Internet Explorer vulnerabilities and a slew of security issues in Service Pack 2, the company's latest update to Windows XP.

Already, viruses have started to use the critical Internet Explorer flaw to spread.

Robert Lemos writes for CNET News.com.

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Reader Comments

I have not used Microsoft Internet Explorer for a ...
Phil Laszkowicz (Opetec Ltd)

Click here to see all

Related Links

IE flaw opens door to latest MyDoom

IE flaw status 'highly critical'

Microsoft patches 22 security flaws

Microsoft patches three "critical" IE security holes

Trio of Windows flaws opens door to nasties

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business

Second iPhone worm: A botnet risk

Phishers set their sights on corporate accounts

Tax-refund phishing scams hit an all-time high

First critical Windows 7 patches released

Online fraudsters enlist Trojans to run off with your money


  • Jobs
Application Access Engineer

You MUST be SC cleared Skills mandatory: Enterprise scale Infrastructure Topologies and Architectures; Enterprise scale application deployment ...

French Premier role open

A suitable candidate must demonstrate a good working knowledge of current Microsoft desktop operating systems, (Windows XP, Windows Vista, Windows ...

IT Support Team Leader - 1st Line,Windows XP,Novell NetWare,MS Office

IT Support Team Leader - 1st Line Support, Windows XP, Novell NetWare, MS Office 2003/2007University College Birmingham is seeking to recruit an ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

The Truth About Wasteful Spending on Software: How to Stop Giving Your Software Vendors...

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


ID card database: 500 names added in first month

Women in IT: Tech has an image problem

Tesco Mobile to get a taste of Apple's iPhone

Marketing chiefs: Are you spamming your customers?

IT skills shortage squashed by recession?

Users tell SAP: 'We need to talk more'




Quick Sitemap Links: