News

Cumulative IE Patch for Critical Cookie Problem

Microsoft issued a cumulative patch for Internet Explorer in late March. It was the fourth cumulative patch in five months for the Web browser.

The most serious flaw this time is a critical vulnerability in the way IE handles cookies.

"A vulnerability in the zone determination function ... could allow a script embedded in a cookie to be run in the Local Computer zone," according to the bulletin. The only mitigating factor is that the script would run with the same rights as the user.

The bulletin addresses one other newly discovered bug. It is a vulnerability in the handling of object tags that could allow an attacker to invoke an executable already present on a user's machine.

That vulnerability would be much trickier for an attacker to exploit effectively.

The patch includes all existing fixes for IE 5.01, IE 5.5 and IE 6.0.

Descriptions of the new vulnerabilities and the cumulative patch for the problems can be found here:
http://www.microsoft.com/technet/security/bulletin/MS02-015.asp.

Previous cumulative patches for Internet Explorer came out on Feb. 11, Dec. 13 and Nov. 13. Microsoft had issued two bulletins about critical security problems involving IE since the Feb. 11 cumulative patch.

A critical problem with Microsoft's XML Core Services, a component of Internet Explorer 6.0, Windows XP and SQL Server 2000, was patched on Feb. 21. The same day, Microsoft alerted users to a critical problem with the way IE handles VBScripts that could allow malicious Web page designers to read local files.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Azure AD Enhancements Bring Expanded Support for Auto-Provisioned SaaS Apps

    Microsoft announced a number of Azure Active Directory enhancements this month.

  • What's Behind Microsoft's Sudden Teams Push?

    As Skype for Business slowly gets phased out and Slack's enterprise dominance becomes less of a sure thing, the time is right for Microsoft to focus its marketing energies on its upstart collaboration tool.

  • Microsoft Releases PowerShell 7 Preview 3

    Microsoft announced on Wednesday that the PowerShell 7 Preview 3 scripting solution is now available.

  • SQL Server 2019 Release Candidate Now Available

    Microsoft on Wednesday announced the release of SQL Server 2019 release candidate (RC).

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.