Friday, June 18, 2021

Microsoft Issues ‘Critical’ IE Patch

For the third time in as many months, Microsoft has
issued a cumulative patch for its flagship Internet Explorer browser,
warning that two newly discovered vulnerabilities involving the cross-domain
security model should be considered “critical.”

A security advisory from Microsoft said the
latest IE fix includes the functionality of all previously released patches
for Internet Explorer versions 5.01, 5.5, 6.0.

The latest bugs, detected by Swedish researcher Andreas Sandblad,
affected the browser’s cross-domain security model which keeps windows of
different domains from sharing information. “These flaws results in Internet
Explorer because incomplete security checking causes Internet Explorer to
allow one website to potentially access information from another domain when
using certain dialog boxes,” the company warned.

To exploit the holes, an attacker would have to host a malicious web page
aimed at this particular vulnerability and then persuade an IE user to visit
that site. “Once the user has visited the malicious web site, it would be
possible for the attacker to run malicious script by misusing a dialog box
and cause that script to access information in a different domain,”
Microsoft explained.

“In the worst case, this could enable the web site operator to load
malicious code onto a user’s system. In addition, this flaw could also
enable an attacker to invoke an executable that was already present on the
local system,” it cautioned.

Separately, Microsoft’s 5th advisory this year warned that the
Windows Redirector on Windows XP contains an unchecked buffer vulnerability
that could lead to denial-of-service.

That flaw, rated as “important” could also allow an intruder to execute
harmful code if data was crafted in a particular way. A patch to fix the
Windows Redirector problem was also posted.

Similar articles

Latest Articles

Top Data Visualization Tools...

The amount of data generated and consumed by organizations is growing at an astounding rate. The total volume of data and information worldwide has...

The Data Capture Market

Data capture is the process of collecting, ingesting, or otherwise acquiring structured and unstructured data and either converting it into a data format usable...

NVIDIA and the Move...

NVIDIA recently held a Q&A with its visionary CEO Jensen Huang.   While the Q&A this week focused on NVIDIA’s announcements at Computex, his opening and...

Acquia Updates Open Digital...

BOSTON – Acquia’s Drupal-based customer experience (CX) platform is looking different to enterprise users. Acquia made updates last quarter across its three-part Open Digital Experience...