News

Cumulative IE Patch Addresses Critical Vulnerabilities

Microsoft issued a critical cumulative Internet Explorer patch on Wednesday that corrects six newly discovered vulnerabilities and changes the behavior of the Web browser.

The security bulletin, MS02-023, is the third cumulative patch for IE this year and the fifth since November 2001. In all, the five cumulative patches have included fixes for 20 newly discovered vulnerabilities, with critical problems in each cumulative patch. Every cumulative patch by definition is supposed to include all previously discovered IE vulnerabilities.

Three of the vulnerabilities in the latest cumulative patch rate a critical designation on Microsoft's threat scale. A cross-site scripting in local HTML resource problem affects IE 6.0; a local information disclosure through an HTML object affects IE 5.01, 5.5 and 6.0; and a script within cookies reading cookies affects IE 5.5 and 6.0.

Less serious vulnerabilities include a zone spoofing vulnerability through a malformed Web page and two new variants on what Microsoft calls the "Content Disposition" vulnerability.

Finally, the IE patch changes the way IE treats frames in the Restricted Sites zone. With the patch applied, IE disables frames in the Restricted Zone to protect Outlook Express and outlook users against HTML e-mails that automatically open new windows or launch downloads of executable files.

The patch is available at http://www.microsoft.com/technet/security/bulletin/ms02-023.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Deprecating Windows To Go

    Microsoft plans to put an end to its Windows To Go product in the near future, according to a Friday support article.

  • Microsoft Releases Hyper-V Server 2019 After Long Delay

    Acknowledging that the release took "way too long," Microsoft has made Hyper-V Server 2019 available for download from the Microsoft Evaluation Center page.

  • Forklift Container

    A Better Way To Upgrade Hyper-V Storage

    It's time again for Brien to perform a major storage upgrade on his Hyper-V hosts. But this time, he's taking a new approach.

  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.