August 23, 2004 12:00 AM

New IE Flaw Also Affects Windows XP SP2

Windows IT Pro
InstantDoc ID #43739

A newly discovered flaw in Microsoft Internet Explorer (IE) affects various IE releases, including the version in Windows XP Service Pack 2 (SP2), leaving users of the incredibly buggy browser open to attack. The flaw, which security firm Secunia disclosed this weekend, affects IE 6, 5.5, and 5.01 and Windows XP SP2 and SP1.
  
Secunia describes the flaw as "highly critical," which is apparently more serious than "critical" but less serious than "wicked critical." The firm says that it created a proof-of-concept attack based on the flaw, which requires users to drag and drop content from a malicious Web site onto their hard disks, thus bypassing IE's security-zone protection. Secunia recommends that IE users disable Active Scripting until Microsoft issues a patch. A more proactive solution would be to use a more secure Web browser: I recommend Mozilla Firefox.
  
Curiously, Microsoft is downplaying the flaw's risk, citing the amount of user interaction required to exploit it. "Given the significant amount of user action required to execute an attack, Microsoft does not consider this to be a high risk for customers," a Microsoft representative said, noting that the company is still investigating the flaw.
  
Meanwhile, a new version of Download.Ject that's circulating on the Web affects all pre-XP versions of Windows. Users who have upgraded to XP SP2 are invulnerable to the attack, according to security researchers. The original Download.Ject surfaced in June, and Microsoft modified SP2 to handle that style of attack.

Comments
  • truehighspeed
    8 years ago
    Aug 28, 2004

    Mr Md_detroit and Mr Elmurid, it is rather a rude gesture to dismiss emphatically the evidence put forward by Mr BartLansing. Go to http://www.mikx.de/scrollbar/ and see the evidence before you demonstrate your sheer ignorance.

  • DEVLIN
    8 years ago
    Aug 27, 2004

    You have got to be kidding. Detroit is right, you people really are losers

  • bm_mn
    8 years ago
    Aug 25, 2004

    Dear Mr. MD_Detroit,

    Just how much does MS pay you to say sweet things about them? Your denial of something occurring reminds me of riverboat personnel that deny official, written military testimonials. Just because you claim that it's not important doesn't make it so.

    It's getting to the point with the MS browser that one needs to question the value of its integration to the OS. This integration is its biggest problem. It's quite funny when you think that MS did this on purpose in order to stifle its competition. The continuing blow-back on MS from the security leaks--that they designed--will be their own undoing. LOL!

    Thanks,
    BM_MN

  • WinThose
    8 years ago
    Aug 25, 2004

    "Who drags and drops things from their browser onto their harddrive with regularity?"

    Mac users do. Of course, this vulnerability doesn't affect them, so it doesn't really matter. They can go on using their computers without worry.

  • mmcginty_SQL
    8 years ago
    Aug 24, 2004

    Here you go, disaffected misfit high school kids, here's a loaded gun, let's show your parents how much you hate them! Over here Islamic terrorists, how would you like a simple recipe to make the equivalent of C4 out of common home products, kill the infidel, viva jihad! Evil hacker scumbags, here it is, a blueprint for your next malware attack, complete with sample source, still beats SP2, could do some real damage with this one -- enjoy!

    Oh hey, don't forget these are just to prove it's not media hype, you understand, don't actually use any of these to kill people or destroy IT... oh hell, they already left, hmm...

    Thing about all of the above, in the immortal words of Andrew Dice Clay, "upside down it's all the same s#!t." The inherent danger of these constructs has been well proven. Release of these "proofs of concept" makes them available to uninspired creeps who likely never would've come up with anything close on their own. The only thing it will prove is as obvious and predictable as it is tragic: that these "researchers'" work can and will be used against us, the computing public -- remember us? Yes that's right, the people you don't give a damn about... well, looking forward to the destruction your work will spawn this time, good job, keep it up, heaven knows we can always use more mayhem.

    -Mark McGinty
