Microsoft Confirms IE6+/IE7 Security Bug
24th Mar 2006, 02:47 GMT
The Microsoft Internet Explorer team have confirmed a serious bug that can crash IE when users visit affected websites. The problem relates to the way the browser handles the createTextRange() function and affects all versions (IE6.x XP SP2 fully patched, IE7 beta). The bug was disclosed publicly last weekend before Microsoft were able to patch the problem. Lennart from the MSRC blog advised " Our initial investigation has revealed that if you turn off Active Scripting, that will prevent the attack as this requires script. Customers who use supported versions of Outlook or Outlook Express arent at risk from the email vector since script doesnt render in mail (being read in the restricted sites zone)." He said a security advisory would be released in the coming days. A Microsoft official recently chided Apple for their lack of a public Security Czar, and was (rightly) criticized for hypocrisy. However, Microsoft, for all their faults (and bugs) do appear to be making better efforts to publicize problems and deal with them in a timely matter. As Blogger in Chief Robert Scoble would say, blogs are about conversations - and it's good to see the security team, arguably one of the most important at Microsoft, getting more involved with their customers. View: Microsoft Security Response Center Blog Read full story...
Microsoft Confirms IE6+/IE7 Security Bug related news:
- IE7 Beta 2 Preview March: MSDN Library still not rendered correctly — Channel 9
- IE7 Separated from Windows Explorer — Slashdot
- Exploits in the wild for IE6 flaw growing! Hardware-enforced DEP promising! — ZDNet Blogs
- Navigation bug in IE7 (unless I'm loosing it) — Channel 9
- Następny błąd w IE6 znaleziony przez Polaka + nowy IE7 do pobrania — Aktualności IDG.pl - Oprogramowanie
- Microsoft warns of nasty IE bug — Network World on Security
- Want to file a bug with Microsoft? That'll be 35 dollars, please. — digg
- IE hit with third bug in one week — Techworld.com Security News
- Announcing Internet Explorer Feedback — IEBlog
- New publicly disclosed vulnerability in Internet Explorer — Welcome to the Microsoft Security Response Center Blog!
Latest news from Neowin.net:
- Microsoft to Add Wireless Video Sharing to the Zune
- Office 2007 System now available on MSDN
- "BlackBerry Thumb" sparks new form of hand massage
- IEEE Plans Safer Laptop Batteries
- Sun opens Java
- CompUSA to Sell Vista, Office 2007 Ahead of General Release
- Nvidia Readies 5 new GPU's?
- PowerUser.TV e59: Voting machines, Wii bundle and more!
- IBM To Help Educate China's Outsourcing Pros
- MP3 Player Owners Thieves?