On Tuesday 02 April 2002 10:05, George Heuston wrote: > Critical holes in Microsoft Internet Explorer. Microsoft released a > patch for a pair of "critical" security holes in its Internet Explorer > Web browser. The browser patch corrects two flaws. The first makes it > possible for a malicious hacker to place code on a Web surfer's PC by > way of a cookie. The flaw allows a script embedded in a cookie to be > saved outside the secure area on the PC's hard disk. The code can then > be triggered the next time the surfer visits the site. The second flaw > allows a malicious programmer to include code on a Web site that > automatically executes programs already present on a surfer's PC. > Microsoft rated both flaws "critical" and advised PC users running > version 5 through 6 of Internet Explorer to promptly download the new > patch. Microsoft continues to investigate a recently publicized hole in > the software-debugging component of Windows NT and Windows 2000. > Malicious users could take advantage of the flaw in the debug tool to > gain elevated privileges on a server running either of the operating > systems. They could then access, modify and delete otherwise protected > files. (CNET News.com, 1 Apr) Before applying this patch, you might want to look at: http://www.theregus.com/content/4/24500.html Seems there are problems with the patch. (Like, being next to useless.)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:41 PDT