News

Cumulative IE Patch for Critical Cookie Problem

Microsoft issued a cumulative patch for Internet Explorer in late March. It was the fourth cumulative patch in five months for the Web browser.

The most serious flaw this time is a critical vulnerability in the way IE handles cookies.

"A vulnerability in the zone determination function ... could allow a script embedded in a cookie to be run in the Local Computer zone," according to the bulletin. The only mitigating factor is that the script would run with the same rights as the user.

The bulletin addresses one other newly discovered bug. It is a vulnerability in the handling of object tags that could allow an attacker to invoke an executable already present on a user's machine.

That vulnerability would be much trickier for an attacker to exploit effectively.

The patch includes all existing fixes for IE 5.01, IE 5.5 and IE 6.0.

Descriptions of the new vulnerabilities and the cumulative patch for the problems can be found here:
http://www.microsoft.com/technet/security/bulletin/MS02-015.asp.

Previous cumulative patches for Internet Explorer came out on Feb. 11, Dec. 13 and Nov. 13. Microsoft had issued two bulletins about critical security problems involving IE since the Feb. 11 cumulative patch.

A critical problem with Microsoft's XML Core Services, a component of Internet Explorer 6.0, Windows XP and SQL Server 2000, was patched on Feb. 21. The same day, Microsoft alerted users to a critical problem with the way IE handles VBScripts that could allow malicious Web page designers to read local files.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.