Microsoft Produces Explorer iFrame Patch
Microsoft has finally produced a patch for the security hole in Internet Explorer that has become widely exploited in the past month.
Source: TechWorldThe hole in iFrame Explorer tags was released publicly in October before Microsoft was informed, putting the software giant on the back foot immediately. Since then, several successful attempts have been made by hackers to exploit the hole. Most dramatically, an advertising company was hacked last week and banner ads on a large number of European websites inadvertently infected visitors.
The patch has been released outside of Microsoft's usual monthly security cycle - demonstrating its urgency. The vulnerability, MS04-040, allows attackers to take complete control of a compromised system and can be exploited by getting users to visit websites where malicious code is downloaded.
"We are aware of some proof-of-concept code and public attacks" that take advantage of the flaw, said Stephen Toulouse, security program manager at Microsoft's security response center. It is urging users to apply the latest patch as soon as possible, he added. The flaw doesn't affect users who have already installed XP SP2, however.
0
Comments