You are here: silicon.com > Software > Malware

Malware

IE security concerns mount up

Does anyone still use this browser?

Tags: security flaws, secunia, internet explorer

Printer Friendly Email Story RSS

By Robert Lemos

Published: 18 November 2004 09:50 GMT

Microsoft's Internet Explorer has become a turkey shoot for flaw finders.

This week, three more vulnerabilities were found in version 6.0 of the software giant's flagship web browser, security information provider Secunia said on Wednesday. That brings the total number of IE vulnerabilities disclosed in the past two months to 19, including eight flaws fixed by Microsoft during its October patch cycle.

The latest flaws were found by two different researchers, Secunia said. Two could be used together to allow malicious content to bypass an mechanism in Microsoft Windows XP Service Pack 2 that alerts people about potentially harmful programs, Secunia stated. The third vulnerability could be used to overwrite the cookies of a trusted site to hijack a web session, if the site handles authentication in an insecure manner, according to that advisory.

The flaws were rated "moderately critical" and "not critical", respectively, by Secunia.

Microsoft said in a statement: "We have not been made aware of any active attacks against the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports."

The company said that customers who needed advice should visit its software security site and its PC Protect site for home users. Microsoft also criticised the researchers for publicising the flaws without allowing it to work to solve the problems first.

"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," the company said in the statement. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."

Security researchers and hackers, however, are not paying heed to the software giant's standard chastisement of public disclosure. In the past two months, flaw finders have publicised critical Internet Explorer vulnerabilities and a slew of security issues in Service Pack 2, the company's latest update to Windows XP.

Already, viruses have started to use the critical Internet Explorer flaw to spread.

Robert Lemos writes for CNET News.com.

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Reader Comments

I have not used Microsoft Internet Explorer for a ...
Phil Laszkowicz (Opetec Ltd)

Click here to see all

Related Links

IE flaw opens door to latest MyDoom

IE flaw status 'highly critical'

Microsoft patches 22 security flaws

Microsoft patches three "critical" IE security holes

Trio of Windows flaws opens door to nasties

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…

Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...

How the good guys fight the security arms race

UK banks targeted by phishing attacks

Mobile malware: The threat exists

silicon.com Classics: 'Nigerian' money scam - What happens when you reply?

First iPhone Trojan reported

Cyber spies plan attacks next year


  • Jobs
Linux Redhat Systems Administrator - Windows XP, Network Connectivity

Linux Redhat Systems Administrator - Windows XP, Network Connectivity, Backup, DR, Market Data (not essential Reuters / Icap). Fantastic opportunity ...

3rd Line Support (Windows Server 2003, Windows XP, MS Exchange, AD)

You should have experience working with Active Directory, Microsoft exchange, Windows Server 2003, Windows XP and Office 2000/2003. I am looking for ...

IT Support Engineer

To apply online please go to www.farn-ct.ac.uk or call our 24 hour recruitment line on 01252 407020 quoting the post reference to receive an ...

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.

College classrooms go high-tech

Travis Perkins builds its tech future

Thin clients switch on digitally excluded

MSDN Webcast: Demystifying Office Business Applications for the Developer (Level...

Understanding SOA and Business Mashups: Automate. Coordinate. Collaborate. No coding...

Tips and Tricks for Office 2007

MSDN Webcast: Demystifying Office Business Applications for the Business Analyst...

Stories from the web...


Peter Cochrane's Video Blog: Power outrage

Business agility through flexible IT

What are you really saying?


London data centres hit by credit crunch

Ofcom: Mobile broadband driving interest in fibre

3G iPhone to storm enterprise world, says O2

MoD IT - late and over budget

Terrorists turning to tech, warns gov't




Quick Sitemap Links: