Microsoft Patches Three Critical Browser Flaws

KingFishKingFish
edited July 2004 in Science & Tech
Microsoft on Friday released a patch for Internet Explorer designed to close three critical holes in the browser, including one that paved the way for the Download.Ject Trojan horse.
The software maker offered a work-around earlier this month and had promised in recent days that a comprehensive fix would be coming soon. Microsoft has also worked with law enforcement to shut down the Russian server that had been the source of malicious code. The new patch, which is available from Microsoft's security Web site, closes the hole, and Microsoft encouraged all IE users to update their browsers. Technically, the flaw is what's known as a cross-domain vulnerability, through which an attacker is able to cross a security boundary within the browser to deliver and execute malicious code.
Source: C|Net

Comments

  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited July 2004
    For those of you wanting to read the Microsoft Patch MS04-025 article, it is here:

    http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx

    There are links to downloads from here. XP users should read the Caveats and FAQ section of this article, one hotfix (hotfix 840309) can conflict with this patch and cause XP startup problems, there is a link to workarounds article on this page that can explain more-- conflict existence is per Microsoft, in the article at the link. Microsoft is calling this a critical unscheduled cumulative update. They did a cumulative to avoid many small patches. It applies to IE 5.01 and up, with different patches for different IE versions, so I linked directly to this security patch page so you could read about it and decide for yourselves.
Sign In or Register to comment.