Microsoft Releases Fix for Serious IE Flaw
Microsoft Corp. today released a fix for a dangerous security flaw in its Internet Explorer Web browser -- a flaw that security experts said could allow attackers to seize control over vulnerable Windows PCs.
The Microsoft advisory on the vulnerability may be somewhat difficult for the average user to parse. In an updated advisory issued today, Microsoft said the vulnerability affects just about every version of Internet Explorer the company has ever released. And even Service Pack 2, the bundle of patches the company released last fall for Windows XP users, does not necessarily protect users of that Windows version.
In a separate part of the advisory, labeled "Mitigating Factors," Microsoft says the portion of IE causing all the ruckus -- the "Microsoft Java Virtual Machine" -- is not included in Windows XP Service Pack 1a or Windows XP Service Pack 2, or on Windows Server 2003 and Windows Server 2003 with Service Pack 1 applied. But there's a big "but" here: The advisory notes that ... "the Microsoft Java Virtual Machine may have been installed by an application. It could also be present as a result of upgrading the operating system."
Clear as mud, right? Well, fortunately, Microsoft has released a scanning tool that should help you figure out whether your PC needs updating. That tool is available online here.
If that tools says you need to update your machine, then check out the Microsoft advisory, then click on the hyperlinked word that reads "Workarounds," and then on the first item that reads "Disable the Javaprxy.dll COM object from running in Internet Explorer." You also need to know what version of IE you are running to select the correct fix; to do this, click on the IE "Help" menu and then on the "About Internet Explorer" option.
The swiftness with which Microsoft has moved to fix the problem underscores the threat it poses to many Internet Explorer users. Microsoft's solution to the problem comes just one week after the vulnerability was first publicly detailed, yet the company has often spent months developing fixes for other serious Internet Explorer flaws. The quick response from Redmond could be because instructions for how hackers could exploit the IE flaw were publicly posted online last week.
My sincere hope is that Microsoft's rapid reaction in this case is a sign that the company is working harder to address critical security flaws quickly.
Posted by: huh? | July 6, 2005 2:24 PM | Report abuse
Posted by: huh | July 6, 2005 2:26 PM | Report abuse
Posted by: eric | July 6, 2005 3:18 PM | Report abuse
Posted by: Madhusudhanan,Cuddalore,India. | July 6, 2005 7:04 PM | Report abuse
Posted by: firstname.lastname@example.org | July 7, 2005 1:19 AM | Report abuse
Posted by: Alison | July 7, 2005 5:40 PM | Report abuse
The comments to this entry are closed.