Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

KB870669 9 month old IE Flaw

Comments

  • #2
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 92,986 Mod ✭✭✭✭Capt'n Midnight


    IE ? SNAFU

    http://www.theregister.co.uk/2004/07/05/ie_vuln/
    IE workaround a non-starter
    By John Leyden
    Published Monday 5th July 2004 10:40 GMT

    Doubts have been raised about the effectiveness of a workaround issued by Microsoft to guard against a potentially devastating vulnerability in IE. Left unchecked the flaw creates a means for hackers to turn popular websites into conduits for viral transmission.

    On 24 June many websites running Microsoft's IIS 5 Web server software were infected with malicious JavaScript code called Download.Ject. If IE users visited websites hosting Download.Ject their PCs attempted to download a virus from a Russian website. This website was quickly shut down, but the incident illustrated serious security shortcomings with IE and prompted security clearing house US-CERT to advise users to ditch IE in favour of alternative browsers.

    Last Friday, Microsoft rolled out configuration changes to the Windows XP, Windows Server 2003 and Windows 2000 designed to protect against the Download.Ject attack as a workaround prior to the availability of patches. But postings to the insecure.org full disclosure mailing list over the weekend provide evidence that a slightly modified exploit can still yield full system compromise even on systems that have applied the workaround.

    Users are advised to disable Active Scripting, except for trusted websites, as a precaution, until Microsoft comes out with a fix. Alternative browsers such as Mozilla, Opera or Netscape - which are not subject to this IE-specific attack - remain a much safer option. ®


Advertisement