News: Beware Of Patches That Don’t Patch

By | September 10, 2003
 From the This Doesn’t Inspire Confidence Dept comes news that a patch recently released by Microsoft to fix a critical security vulnerability in its Internet Explorer browser does not work, according to security experts. CNET says that the vulnerability was discovered by eEye Digital Security around four months ago. The vulnerability in question can be exploited by crafting a malicious HTML file that, when viewed by an Internet Explorer browser, extracts and executes malicious code.
 
Two patches have since been released, but, according to eEye, neither fixes the vulnerability it is supposed to. If you’re worried, disable active scripting in your browser until Microsoft updates the patch. (Go to Tools/Options/Security/Custom Level, and then scroll down until you get to Active Scripting.)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.