News

Cumulative IE Patch Addresses Critical Vulnerabilities

Microsoft issued a critical cumulative Internet Explorer patch on Wednesday that corrects six newly discovered vulnerabilities and changes the behavior of the Web browser.

The security bulletin, MS02-023, is the third cumulative patch for IE this year and the fifth since November 2001. In all, the five cumulative patches have included fixes for 20 newly discovered vulnerabilities, with critical problems in each cumulative patch. Every cumulative patch by definition is supposed to include all previously discovered IE vulnerabilities.

Three of the vulnerabilities in the latest cumulative patch rate a critical designation on Microsoft's threat scale. A cross-site scripting in local HTML resource problem affects IE 6.0; a local information disclosure through an HTML object affects IE 5.01, 5.5 and 6.0; and a script within cookies reading cookies affects IE 5.5 and 6.0.

Less serious vulnerabilities include a zone spoofing vulnerability through a malformed Web page and two new variants on what Microsoft calls the "Content Disposition" vulnerability.

Finally, the IE patch changes the way IE treats frames in the Restricted Sites zone. With the patch applied, IE disables frames in the Restricted Zone to protect Outlook Express and outlook users against HTML e-mails that automatically open new windows or launch downloads of executable files.

The patch is available at http://www.microsoft.com/technet/security/bulletin/ms02-023.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Grows Services Amid COVID-19

    Microsoft in a Saturday announcement recapped how its services have been affected by "shelter-in-place" governmental mandates in the last week, providing details on growth stats and prioritizations.

  • Microsoft Adds 6 More Months to Expiring Certification Programs

    Microsoft has announced an extension to the end date of three certification programs slated for retirement.

  • Microsoft's Surface Pro X: It's Like the Surface RT, But Better

    There's a lot about the Surface Pro X that's reminiscent of the ill-fated Surface RT. But despite the similarities, this might just be one of the rare cases where the sequel is better than the original.

  • Q&A: The Challenges of Securing All Those Newly Remote Workers

    Security expert Dale Meredith identifies cybersecurity challenges, best practices and major concerns resulting from all the employees forced into home offices by COVID-19.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.