三级aa视频在线观看-三级国产-三级国产精品一区二区-三级国产三级在线-三级国产在线

  Home>News Center>World
         
 

'Extremely critical' flaw threatens IE users
(Agencies)
Updated: 2005-01-12 08:04

Security experts are warning of a new and highly critical security flaw in Microsoft Internet Explorer, when running under Windows XP SP2.

Simply visiting a malicious Web site could leave a user's computer vulnerable to malicious code.

The basic flaw has been known about for two months, but security experts originally thought it would be difficult to exploit. However, after further study, security firm Secunia now says the bug represents a greater danger than previously believed.

Secunia now rates the vulnerability as "extremely critical."

Three Problems

In an alert posted on its Web site, Secunia lists three problems in IE that, in combination, create the vulnerability:

"Insufficient validation of drag and drop events from the Internet zone to local resources for valid images or media files with embedded HTML code;

"A security site/zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents or inject arbitrary script code in context of a previous loaded document using a malicious javascript URI handler;

"A security site/zone restriction error in the handling of the Related Topics command in an embedded HTML Help control can be exploited by e.g. a malicious website to execute arbitrary script code in the context of arbitrary sites or zones."

The exploit bypasses a key SP2 security feature, Zone Lock Down, which is designed to prevent an attacker from remotely executing script on a local system.

Safety Measures

The vulnerability was identified initially by security group Greyhats, which warned of the bug late last month.

Microsoft is recommending that users turn off the "Drag and drop or copy and paste files" option in Internet Explorer and set security levels to high for the Internet zone.

Security experts note that the problem does not affect other browsers.

Secunia has constructed a test, available on the firm's Web site, that users can run to determine whether their systems are affected by this issue.

Microsoft releases Windows security fixes

Microsoft Corp. released two security fixes Tuesday that carry its most severe threat rating, including one that applies even to computers that have downloaded the company's massive security update for the Windows XP operating system.

Both flaws affect versions of the company's dominant operating system going back to Windows 98, and both could allow an attacker to take control of another person's computer.

One of the flaws also leaves vulnerable users who have downloaded Service Pack 2, a major security upgrade for Windows XP that was released last summer. The security fix came after a series of crippling attacks on Microsoft's technology, which have wreaked havoc on both businesses and computer users.

Stephen Toulouse, a security program manager at Redmond-based Microsoft, said the company never expected SP 2 to solve all of its security problems.

"We knew we were going to be providing updates for SP2," he said. "The goal was always around reducing the number of critical updates."

The flaw that affects SP2 takes advantage of a problem with Internet Explorer that could allow an attacker to gain control of a computer if a user was persuaded to visit a malicious Web site.

The other flaw could be exploited if a user employs a specially formulated cursor or icon that secretly allowed an attacker to gain control of another person's computer.

Microsoft also released a third security fix Tuesday with a lesser rating of "important." That vulnerability, which also could allow another person to gain control of a user's computer, affects machines running Windows XP and Windows Server 2003.

The new security fixes, released as part of Microsoft's regular monthly security updates, come a week after Microsoft said it would begin offering a free program to remove the most dangerous infections from computers. Users who have chosen to automatically receive Microsoft security fixes would begin to receive that removal tool Tuesday, Toulouse said.

Last week the company also began offering a free program to remove spyware. Spyware can monitor computer users' activities, send annoying pop-up ads and slow computer performance.

Microsoft also has confirmed plans to sell its own antivirus software, which would compete against programs from McAfee, Symantec and others.



 
  Today's Top News     Top World News
 

Nation jumps to be world third largest trader

 

   
 

Hu offers systematic cure to corruption

 

   
 

Cross-Straits charter flight talks proposed

 

   
 

Draft law aims to hold back monopolies

 

   
 

Wintry Beijing tackles heating shortfalls

 

   
 

'Extremely critical' flaw threatens IE users

 

   
  Allawi admits some areas unsafe to vote
   
  Bush picks ex-prosecutor for homeland post
   
  Sharon phones Abbas in highest contact in years
   
  'Extremely critical' flaw threatens IE users
   
  New case of mad cow confirmed in Canada
   
  Death toll in Australian bushfires rises to 10
   
 
  Go to Another Section  
 
 
  Story Tools  
   
  News Talk  
  Are the Republicans exploiting the memory of 9/11?  
Advertisement
         
主站蜘蛛池模板: 国产成人精品亚洲77美色 | 一级女性黄色生活片免费的 | 日本巨乳中文字幕 | 日韩六九视频 | 在线视频你懂得 | 亚洲国产日韩在线一区 | 亚洲欧美日韩一级特黄在线 | 国产精品成人免费综合 | 国产成人18黄禁网站免费观看 | 91老女人 | 一级毛片免费毛片一级毛片免费 | 国模私拍福利一区二区 | 91精品国产综合久 | 深夜爽爽爽gif福利免费 | 日韩欧美特级毛片 | 特黄录像 | 婷婷sese| 日韩精品另类天天更新影院 | 成 人 免 费 黄 色 | 黄色中文字幕 | 成人免费体验区福利云点播 | 全黄一级裸片视频在线观看 | a级aaaaaaaa毛片| 成年男女免费视频观看性 | 欧美特黄一区二区三区 | 日韩一级片在线 | 久久青草免费线观最新 | 一级黄色片免费观看 | 中日韩一级片 | av国产精品 | 免费欧洲毛片a级视频 | 综合亚洲色图 | 久久国内精品自在自线400部o | 日韩毛片网站 | 亚洲无线乱码高清在线观看一区 | 丁香婷婷综合五月综合色啪 | 精品国产一区二区二三区在线观看 | 欧美小younv 欧美性xxxxx极品老少 | 成人一a毛片免费视频 | 国产三级欧美 | 一级免费黄色录像 |