RomeoTangoFoxtrotMike
3rd Feb 2004, 18:06
Microsoft have just released details of the lates batch of security problems in IE :(
Microsoft Security Bulletin MS04-004 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-004.asp?frame=true&hidetoc=true) contains details of a Cumulative Security Update for Internet Explorer (832894)
Summary
Affected: All users of Internet Explorer 6, possibly including earlier version of IE 5 (5.01 and 5.50). In addition to IE, any applications that use the IE HTML rendering engine to interpret HTML documents may be vulnerable.
Impact: Attacker can get you to run his malicious code, which can do anything to your PC that you can (so if you are logged in as an administrator, it could toast your machine.) Another vulnerability disguises URLs, making the user think they are visiting one (legitimate) site when the are in fact visiting another (e.g. the attacker's) possibly persuading the victim to give up sensitive data.
Patches are available from Microsoft Security Bulletin MS04-004 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-004.asp?frame=true&hidetoc=true)
Yuk... :uhoh:
[Ob disclaimer] As with all security information, you should independently verify this information before "fixing" your PC :ok:
/RTFM
Microsoft Security Bulletin MS04-004 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-004.asp?frame=true&hidetoc=true) contains details of a Cumulative Security Update for Internet Explorer (832894)
Summary
Affected: All users of Internet Explorer 6, possibly including earlier version of IE 5 (5.01 and 5.50). In addition to IE, any applications that use the IE HTML rendering engine to interpret HTML documents may be vulnerable.
Impact: Attacker can get you to run his malicious code, which can do anything to your PC that you can (so if you are logged in as an administrator, it could toast your machine.) Another vulnerability disguises URLs, making the user think they are visiting one (legitimate) site when the are in fact visiting another (e.g. the attacker's) possibly persuading the victim to give up sensitive data.
Patches are available from Microsoft Security Bulletin MS04-004 (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-004.asp?frame=true&hidetoc=true)
Yuk... :uhoh:
[Ob disclaimer] As with all security information, you should independently verify this information before "fixing" your PC :ok:
/RTFM