Network News

X My Profile
View More Activity

Microsoft Releases Fix for Serious IE Flaw

Microsoft Corp. today released a fix for a dangerous security flaw in its Internet Explorer Web browser -- a flaw that security experts said could allow attackers to seize control over vulnerable Windows PCs.

The Microsoft advisory on the vulnerability may be somewhat difficult for the average user to parse. In an updated advisory issued today, Microsoft said the vulnerability affects just about every version of Internet Explorer the company has ever released. And even Service Pack 2, the bundle of patches the company released last fall for Windows XP users, does not necessarily protect users of that Windows version.

In a separate part of the advisory, labeled "Mitigating Factors," Microsoft says the portion of IE causing all the ruckus -- the "Microsoft Java Virtual Machine" -- is not included in Windows XP Service Pack 1a or Windows XP Service Pack 2, or on Windows Server 2003 and Windows Server 2003 with Service Pack 1 applied. But there's a big "but" here: The advisory notes that ... "the Microsoft Java Virtual Machine may have been installed by an application. It could also be present as a result of upgrading the operating system."

Clear as mud, right? Well, fortunately, Microsoft has released a scanning tool that should help you figure out whether your PC needs updating. That tool is available online here.

If that tools says you need to update your machine, then check out the Microsoft advisory, then click on the hyperlinked word that reads "Workarounds," and then on the first item that reads "Disable the Javaprxy.dll COM object from running in Internet Explorer." You also need to know what version of IE you are running to select the correct fix; to do this, click on the IE "Help" menu and then on the "About Internet Explorer" option.

The swiftness with which Microsoft has moved to fix the problem underscores the threat it poses to many Internet Explorer users. Microsoft's solution to the problem comes just one week after the vulnerability was first publicly detailed, yet the company has often spent months developing fixes for other serious Internet Explorer flaws. The quick response from Redmond could be because instructions for how hackers could exploit the IE flaw were publicly posted online last week.

My sincere hope is that Microsoft's rapid reaction in this case is a sign that the company is working harder to address critical security flaws quickly.

By Brian Krebs  |  July 5, 2005; 7:01 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: New Exploit for Unpatched IE Flaw
Next: Teen Worm Writer Fined 1,000 Euros

Comments

Your link to the MS scanning tool:
http://www.microsoft.com/downloads/details.aspx?familyid=4e38f4f9-ce7e-4271-8836-a7d7293a992f&displaylang=en
seems to be a pointer to an old tool?
Diagnostic Tool for the Microsoft VM 10a.zip
Date Published: 4/5/2004
Can you clarify?

Posted by: huh? | July 6, 2005 2:24 PM | Report abuse

Your link to the MS scanning tool:
http://www.microsoft.com/downloads/details.aspx?familyid=4e38f4f9-ce7e-4271-8836-a7d7293a992f&displaylang=en
seems to be a pointer to an old tool?
Diagnostic Tool for the Microsoft VM 10a.zip
Date Published: 4/5/2004
Can you clarify?

Posted by: huh | July 6, 2005 2:26 PM | Report abuse

I have often wondered if explorer based browsers are also affected by IE's vulnerabilities. I use maxthon as my backup to firefox.

Posted by: eric | July 6, 2005 3:18 PM | Report abuse

There were times when I was completely frustated and worried that I will never be able to access the web safely because I used catch up new spywares and
trojans within a few minutes connecting to net.

But thats all past,things changed when I started using Firefox.Apart from blocking almost all malwares and pop-ups,it has got a useful and simple set of options under the OPTIONS section in TOOLS menu,apart from this,online bookmarks,themes and unlimited extensions.....all these made a fan of Firefox.I went to the extend of collecting every version of Firefox(just like stamp,coins collection.I am unaware
of the English term that is used for collecting all the versions of software).Now I have each and every
version of Firefox from the date I started using it.

I wish and hope that Firefox will get more and more features.

But one feature which I feel that many are desperately in need of is a complete fully featured download manager which can used to resume download even if the connection is disconnected halfway.

Posted by: Madhusudhanan,Cuddalore,India. | July 6, 2005 7:04 PM | Report abuse

Guys,
securing X86 products with Microsoft engines is an impossible task. There has never been, nor will there be a secure MS product until and unless that Corp, totally vacates X86 basic instruction on 32 bit processors.

Vacating X86 code will not be possible while any Intel 32 bit product running Windows is on the internet. Pure and simple, 32 bit X86 code is impossible to protect. The efforts being made public are a sham until/unless both MS and Intel are 64 bid non X86 code.

Posted by: austin1@pacbell.net | July 7, 2005 1:19 AM | Report abuse

I, too, am curious about the tool that's from 2004. Plus I had no idea what to do with the downloaded .zip file. There were several files in there and I was not sure how to proceed. Help!

Posted by: Alison | July 7, 2005 5:40 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company