News

Cumulative IE Patch Addresses Critical Vulnerabilities

Microsoft issued a critical cumulative Internet Explorer patch on Wednesday that corrects six newly discovered vulnerabilities and changes the behavior of the Web browser.

The security bulletin, MS02-023, is the third cumulative patch for IE this year and the fifth since November 2001. In all, the five cumulative patches have included fixes for 20 newly discovered vulnerabilities, with critical problems in each cumulative patch. Every cumulative patch by definition is supposed to include all previously discovered IE vulnerabilities.

Three of the vulnerabilities in the latest cumulative patch rate a critical designation on Microsoft's threat scale. A cross-site scripting in local HTML resource problem affects IE 6.0; a local information disclosure through an HTML object affects IE 5.01, 5.5 and 6.0; and a script within cookies reading cookies affects IE 5.5 and 6.0.

Less serious vulnerabilities include a zone spoofing vulnerability through a malformed Web page and two new variants on what Microsoft calls the "Content Disposition" vulnerability.

Finally, the IE patch changes the way IE treats frames in the Restricted Sites zone. With the patch applied, IE disables frames in the Restricted Zone to protect Outlook Express and outlook users against HTML e-mails that automatically open new windows or launch downloads of executable files.

The patch is available at http://www.microsoft.com/technet/security/bulletin/ms02-023.asp.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Spaceflight Training in the Middle of a Pandemic

    Surprisingly, the worldwide COVID-19 lockdown has hardly slowed down the space training process for Brien. In fact, it has accelerated it.

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.