News

Cumulative IE Patch for Critical Cookie Problem

Microsoft issued a cumulative patch for Internet Explorer in late March. It was the fourth cumulative patch in five months for the Web browser.

The most serious flaw this time is a critical vulnerability in the way IE handles cookies.

"A vulnerability in the zone determination function ... could allow a script embedded in a cookie to be run in the Local Computer zone," according to the bulletin. The only mitigating factor is that the script would run with the same rights as the user.

The bulletin addresses one other newly discovered bug. It is a vulnerability in the handling of object tags that could allow an attacker to invoke an executable already present on a user's machine.

That vulnerability would be much trickier for an attacker to exploit effectively.

The patch includes all existing fixes for IE 5.01, IE 5.5 and IE 6.0.

Descriptions of the new vulnerabilities and the cumulative patch for the problems can be found here:
http://www.microsoft.com/technet/security/bulletin/MS02-015.asp.

Previous cumulative patches for Internet Explorer came out on Feb. 11, Dec. 13 and Nov. 13. Microsoft had issued two bulletins about critical security problems involving IE since the Feb. 11 cumulative patch.

A critical problem with Microsoft's XML Core Services, a component of Internet Explorer 6.0, Windows XP and SQL Server 2000, was patched on Feb. 21. The same day, Microsoft alerted users to a critical problem with the way IE handles VBScripts that could allow malicious Web page designers to read local files.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Previews Windows Autopilot for HoloLens 2

    Microsoft on Friday announced a public preview of Windows Autopilot for HoloLens 2, its mixed-reality headset.

  • Microsoft Flirts with Charging for API Software Connections

    Microsoft may have started something new by attempting to charge its customers for software that uses its application programming interfaces (APIs).

  • Overcoming Spacesuit Anxiety During Astronaut Training

    Spacesuits are heavy, claustrophobic and hot -- an uncomfortable combination for many would-be astronauts. Here's how Brien came around to the idea of wearing one.

  • Microsoft Announces Azure Kubernetes Service Enhancements

    Microsoft this week announced a few Azure Kubernetes Service (AKS) product milestones as part of the KubeCon event.

comments powered by Disqus