News

Cumulative IE Patch Addresses Critical Vulnerabilities

Microsoft issued a critical cumulative Internet Explorer patch on Wednesday that corrects six newly discovered vulnerabilities and changes the behavior of the Web browser.

The security bulletin, MS02-023, is the third cumulative patch for IE this year and the fifth since November 2001. In all, the five cumulative patches have included fixes for 20 newly discovered vulnerabilities, with critical problems in each cumulative patch. Every cumulative patch by definition is supposed to include all previously discovered IE vulnerabilities.

Three of the vulnerabilities in the latest cumulative patch rate a critical designation on Microsoft's threat scale. A cross-site scripting in local HTML resource problem affects IE 6.0; a local information disclosure through an HTML object affects IE 5.01, 5.5 and 6.0; and a script within cookies reading cookies affects IE 5.5 and 6.0.

Less serious vulnerabilities include a zone spoofing vulnerability through a malformed Web page and two new variants on what Microsoft calls the "Content Disposition" vulnerability.

Finally, the IE patch changes the way IE treats frames in the Restricted Sites zone. With the patch applied, IE disables frames in the Restricted Zone to protect Outlook Express and outlook users against HTML e-mails that automatically open new windows or launch downloads of executable files.

The patch is available at http://www.microsoft.com/technet/security/bulletin/ms02-023.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • AzCopy Preview Adds AWS S3 Data Transfer Improvements

    Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.