Microsoft Issues Security Patches:
"Hardest hit in this month's batch of patches is IE, which contains five newly discovered vulnerabilities. Three of the flaws are related to the cross-domain security model in the browser. This mechanism is meant to prevent windows in different domains from sharing information. However, these weaknesses allow an attacker to run script in the browser's My Computer zone, which typically does not carry the same level of security as the Internet zone might."
In order to exploit this flaw, the attacker would either need to entice the user into visiting a malicious Web site or opening an HTML mail message containing the attack code. This would let the attacker access data from other Web sites that the user has visited and read files on the user's machine, Microsoft said in its bulletin.
Another flaw in IE concerns the manner in which the browser passes zone data to XML objects. Like the other three vulnerabilities, this one also can be exploited via Web sites and HTML mail messages. However, the attack also requires that users agree to download an HTML file, which would let the attacker read local files on the user's machine, if he knows the exact location of the files.
The final weakness in IE affects drag-and-drop operations during dynamic HTML events. If a user clicked on a link supplied by an attacker, the attacker could save a file on a user's machine in an arbitrary location. All of these flaws affect IE 5.01, 5.5 and 6, including IE 6, Service Pack 1.
The batch of patches also addresses a buffer overrun flaw in Windows 2000 and XP that could allow an attacker to run arbitrary code on remote machines. The vulnerability is in the Workstation service in Windows and a successful exploitation would give the attacker complete control of the compromised PC, Microsoft said.
Windows XP users who have installed the patch for MS03-043 are already protected against this vulnerability, but all Windows 2000 users would still need to apply this latest patch.…
The patches are at Microsoft's Security and Privacy Page.
http://www.microsoft.com/security/
http://www.eweek.com/article2/0,4149,1379656,00.asp?kc=EWNWS111203DTX1K0000599
skip to main |
skip to sidebar
tips, techniques and resources
Labels
Microsoft
(2)
Bing
(1)
Facebook
(1)
LinkedIn
(1)
Microsoft Office
(1)
Microsoft Outlook
(1)
Twitter
(1)
User Interface
(1)
YouTube
(1)
search
(1)
typography
(1)
Posts
About Me
Blog Archive
-
►
2014
(1)
- ► 02/02 - 02/09 (1)
-
►
2013
(3)
- ► 12/01 - 12/08 (1)
- ► 03/31 - 04/07 (1)
- ► 02/03 - 02/10 (1)
-
►
2012
(20)
- ► 12/30 - 01/06 (1)
- ► 08/12 - 08/19 (8)
- ► 08/05 - 08/12 (8)
- ► 06/10 - 06/17 (3)
-
►
2011
(5)
- ► 10/16 - 10/23 (1)
- ► 10/02 - 10/09 (2)
- ► 09/04 - 09/11 (1)
- ► 08/07 - 08/14 (1)
-
►
2010
(18)
- ► 11/07 - 11/14 (1)
- ► 06/27 - 07/04 (6)
- ► 05/30 - 06/06 (1)
- ► 04/25 - 05/02 (1)
- ► 03/07 - 03/14 (1)
- ► 02/28 - 03/07 (2)
- ► 02/14 - 02/21 (4)
- ► 02/07 - 02/14 (2)
-
►
2009
(12)
- ► 12/27 - 01/03 (1)
- ► 12/20 - 12/27 (1)
- ► 11/15 - 11/22 (1)
- ► 09/27 - 10/04 (2)
- ► 09/20 - 09/27 (2)
- ► 08/16 - 08/23 (1)
- ► 07/26 - 08/02 (1)
- ► 07/19 - 07/26 (1)
- ► 07/12 - 07/19 (1)
- ► 01/25 - 02/01 (1)
-
►
2008
(3)
- ► 04/20 - 04/27 (1)
- ► 02/17 - 02/24 (1)
- ► 01/06 - 01/13 (1)
-
►
2007
(3)
- ► 12/23 - 12/30 (1)
- ► 10/21 - 10/28 (1)
- ► 08/19 - 08/26 (1)
-
►
2006
(11)
- ► 11/26 - 12/03 (1)
- ► 11/19 - 11/26 (1)
- ► 10/15 - 10/22 (1)
- ► 09/17 - 09/24 (1)
- ► 08/13 - 08/20 (1)
- ► 04/23 - 04/30 (1)
- ► 04/16 - 04/23 (1)
- ► 03/26 - 04/02 (1)
- ► 03/12 - 03/19 (1)
- ► 01/15 - 01/22 (1)
- ► 01/01 - 01/08 (1)
-
►
2005
(161)
- ► 12/25 - 01/01 (2)
- ► 11/27 - 12/04 (2)
- ► 11/20 - 11/27 (1)
- ► 11/06 - 11/13 (1)
- ► 10/30 - 11/06 (2)
- ► 09/25 - 10/02 (1)
- ► 09/11 - 09/18 (1)
- ► 08/28 - 09/04 (3)
- ► 08/21 - 08/28 (1)
- ► 08/07 - 08/14 (3)
- ► 07/31 - 08/07 (2)
- ► 07/24 - 07/31 (1)
- ► 07/17 - 07/24 (4)
- ► 07/10 - 07/17 (1)
- ► 06/26 - 07/03 (2)
- ► 06/19 - 06/26 (2)
- ► 06/12 - 06/19 (3)
- ► 06/05 - 06/12 (1)
- ► 05/29 - 06/05 (2)
- ► 05/22 - 05/29 (5)
- ► 05/15 - 05/22 (1)
- ► 05/08 - 05/15 (3)
- ► 05/01 - 05/08 (8)
- ► 04/24 - 05/01 (2)
- ► 04/17 - 04/24 (4)
- ► 04/10 - 04/17 (2)
- ► 04/03 - 04/10 (4)
- ► 03/27 - 04/03 (3)
- ► 03/20 - 03/27 (7)
- ► 03/13 - 03/20 (5)
- ► 03/06 - 03/13 (8)
- ► 02/27 - 03/06 (5)
- ► 02/20 - 02/27 (8)
- ► 02/13 - 02/20 (4)
- ► 02/06 - 02/13 (8)
- ► 01/30 - 02/06 (10)
- ► 01/23 - 01/30 (6)
- ► 01/16 - 01/23 (12)
- ► 01/09 - 01/16 (14)
- ► 01/02 - 01/09 (7)
-
►
2004
(396)
- ► 12/26 - 01/02 (3)
- ► 12/19 - 12/26 (6)
- ► 12/12 - 12/19 (6)
- ► 12/05 - 12/12 (8)
- ► 11/28 - 12/05 (4)
- ► 11/21 - 11/28 (1)
- ► 11/14 - 11/21 (1)
- ► 11/07 - 11/14 (4)
- ► 10/31 - 11/07 (4)
- ► 10/24 - 10/31 (3)
- ► 10/17 - 10/24 (2)
- ► 10/10 - 10/17 (5)
- ► 10/03 - 10/10 (12)
- ► 09/26 - 10/03 (4)
- ► 09/19 - 09/26 (14)
- ► 09/12 - 09/19 (9)
- ► 09/05 - 09/12 (8)
- ► 08/29 - 09/05 (5)
- ► 08/22 - 08/29 (5)
- ► 08/15 - 08/22 (12)
- ► 08/08 - 08/15 (9)
- ► 08/01 - 08/08 (10)
- ► 07/25 - 08/01 (8)
- ► 07/18 - 07/25 (9)
- ► 07/11 - 07/18 (14)
- ► 07/04 - 07/11 (7)
- ► 06/27 - 07/04 (9)
- ► 06/20 - 06/27 (12)
- ► 06/13 - 06/20 (11)
- ► 06/06 - 06/13 (3)
- ► 05/30 - 06/06 (5)
- ► 05/23 - 05/30 (13)
- ► 05/16 - 05/23 (7)
- ► 05/09 - 05/16 (9)
- ► 05/02 - 05/09 (8)
- ► 04/25 - 05/02 (7)
- ► 04/18 - 04/25 (5)
- ► 04/11 - 04/18 (12)
- ► 04/04 - 04/11 (12)
- ► 03/28 - 04/04 (8)
- ► 03/21 - 03/28 (6)
- ► 03/14 - 03/21 (10)
- ► 03/07 - 03/14 (14)
- ► 02/29 - 03/07 (3)
- ► 02/22 - 02/29 (8)
- ► 02/15 - 02/22 (9)
- ► 02/08 - 02/15 (10)
- ► 02/01 - 02/08 (11)
- ► 01/25 - 02/01 (5)
- ► 01/18 - 01/25 (3)
- ► 01/11 - 01/18 (7)
- ► 01/04 - 01/11 (16)
-
▼
2003
(302)
- ► 12/28 - 01/04 (7)
- ► 12/21 - 12/28 (16)
- ► 12/14 - 12/21 (12)
- ► 12/07 - 12/14 (18)
- ► 11/30 - 12/07 (8)
- ► 11/23 - 11/30 (9)
- ► 11/16 - 11/23 (4)
-
▼
11/09 - 11/16
(28)
- 15 Seconds : Implementing Paging and XSLT Extensio...
- Digital Web Magazine - Features: User Interface De...
- New Windows Worm on the Way?: "The cycle began Tu...
- News: Wireless dilemma: Security isn't cool: "Wir...
- Evaluating the wireless networking options - TechU...
- Wireless Toolkit - NOW - TechUpdate - ZDNet: "Wir...
- News: Spam spike signals more junk e-mail: "An e-...
- Under Attack!: "The largest virus outbreak in his...
- O'Reilly Network Weblogs: PTO Director Orders Re-E...
- Holes Found in Online Job Search Privacy: "Some c...
- Microsoft Issues Security Patches: "Hardest hit i...
- Mimail Can Capture Keystrokes: "Top 10 E-Mail Vir...
- Messaging and Collaboration News, Product Reviews,...
- 154036 - How to Disable Active Content in Internet...
- AntiSpam: Up Close and Personal: "A feature of No...
- Internet Tax Ban Stops Dead in Senate: "A push to...
- Google Unveils Web-Searching Software: "Internet ...
- Carriers Unprepared for Wireless Number Portabilit...
- Microsoft: Virtual PC Will Run Linux: "Carla Huff...
- Symantec Security Response - Trojan.Androv: "Troj...
- Troubleshooting Windows XP, Tweaks and Fixes for W...
- Critical Issues: "Security Bulletins include info...
- In defense of Microsoft: "In late September 2003,...
- the information hiding homepage -- digital waterma...
- Why Am I Getting All This Spam?: "Every day, mill...
- Bruce Eckel's MindView, Inc: Free Electronic Book:...
- Miscellaneous Mathematical Utilities: "This page ...
- Honeypot - Frequently Asked Questions: "The purpo...
- ► 11/02 - 11/09 (12)
- ► 10/26 - 11/02 (26)
- ► 10/19 - 10/26 (6)
- ► 10/12 - 10/19 (11)
- ► 10/05 - 10/12 (4)
- ► 09/28 - 10/05 (9)
- ► 09/21 - 09/28 (7)
- ► 09/14 - 09/21 (9)
- ► 09/07 - 09/14 (11)
- ► 08/31 - 09/07 (4)
- ► 08/24 - 08/31 (11)
- ► 08/17 - 08/24 (14)
- ► 08/10 - 08/17 (11)
- ► 08/03 - 08/10 (11)
- ► 07/27 - 08/03 (7)
- ► 07/20 - 07/27 (11)
- ► 07/13 - 07/20 (10)
- ► 07/06 - 07/13 (8)
- ► 06/29 - 07/06 (6)
- ► 06/22 - 06/29 (4)
- ► 06/15 - 06/22 (3)
- ► 06/08 - 06/15 (4)
- ► 06/01 - 06/08 (1)
No comments:
Post a Comment