More Security Alerts from Microsoft, IE MAJOR Alert
Straight_Man
Geeky, in my own wayNaples, FL Icrontian
Herwith a link and quote, from a carefully crosschecked TechRepublic email:
Link:
http://ct.com.com/click?q=e8-DO.MQfk.p_2ZeaFjTe6DdFDWtINE
Quote:
MICROSOFT WARNS OF CRITICAL IE FLAWS
TODAY'S TOP STORY
Microsoft issued alerts for multiple security flaws in several software products Wednesday, including a critical vulnerability in Internet Explorer. The IE alert notes that the browser does not check the type of object returned from a server, which could allow a specifically designed Web page to run malicious code on an unpatched computer.
Note that this type check has been known since the days of IE 5.0 SP1 or earlier. I have not applied the patch here, so feedback is strongly encouraged. I do not have heavy details and this vulnerablity was alerted Yesterday. I have ZERO patch experience feedback but a patch is needed given the info I have to almost anything that uses IE.
URL for windowsupdate for LEGAL (not saying anyone is not, but expect new site to check closer for legality) Windows is:
http://windowsupdate.microsoft.com as Blaster is still around and Microsft secured Windowsupdate.com by changing URL to a different one than Blaster uses for its DDOS attack. The new one is probably more secure also, though that will be something you probably will not obviously see. http://www.windowsupdate.com is down on that URL just given for the duration of blaster.
Please check for more info, do not panic, but this route opening (vulnerablities give vectors for malware writers) needs closing very thoroughly.
Link:
http://ct.com.com/click?q=e8-DO.MQfk.p_2ZeaFjTe6DdFDWtINE
Quote:
MICROSOFT WARNS OF CRITICAL IE FLAWS
TODAY'S TOP STORY
Microsoft issued alerts for multiple security flaws in several software products Wednesday, including a critical vulnerability in Internet Explorer. The IE alert notes that the browser does not check the type of object returned from a server, which could allow a specifically designed Web page to run malicious code on an unpatched computer.
Note that this type check has been known since the days of IE 5.0 SP1 or earlier. I have not applied the patch here, so feedback is strongly encouraged. I do not have heavy details and this vulnerablity was alerted Yesterday. I have ZERO patch experience feedback but a patch is needed given the info I have to almost anything that uses IE.
URL for windowsupdate for LEGAL (not saying anyone is not, but expect new site to check closer for legality) Windows is:
http://windowsupdate.microsoft.com as Blaster is still around and Microsft secured Windowsupdate.com by changing URL to a different one than Blaster uses for its DDOS attack. The new one is probably more secure also, though that will be something you probably will not obviously see. http://www.windowsupdate.com is down on that URL just given for the duration of blaster.
Please check for more info, do not panic, but this route opening (vulnerablities give vectors for malware writers) needs closing very thoroughly.
0
Comments