Momentary lapse of life

R/C, PC Security, and anything else that interests me at the time…

Security News Portal, computer networking security hacking and virus news alerts and advisories

New Internet Explorer Vulnerability leaves users at risk
Unfortunately MS says they don’t have a fix for it…
11-22-2005 1:56:23 PM CST — from the folks at Microsoft…

Microsoft is investigating new public reports of vulnerability in Microsoft Internet Explorer on Microsoft Windows 98, on Windows 98 Second Edition, on Windows Millennium Edition, on Windows 2000 Service Pack 4, and on Windows XP Service Pack 2. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected.
Microsoft has also been made aware of a proof of concept code targeting the reported vulnerability but they are not aware of any customer impact at this time. MS will continue to investigate these public reports. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible. Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed….continued….

For more information visit the Microsoft site by clicking here….

Hmmmm… so the only advice that Microsoft has to offer is to ” encourage users to exercise caution when they open links in e-mail.”… Doh ! Too bad that back in May 2005 MS didn’t take the Denial of Service potential of this vulnerability more serious and instead chose to put it on their backburner. Which leaves us to wonder about how many other “things: are sitting on the MS backburner. And I am curious about those months that went by where no patches or only one patch was issued for the month. Why didn’t they get around to fixing the DOS problem during those patchless months ? The mind boggles at the questions that this revelation raises…


One response to “Security News Portal, computer networking security hacking and virus news alerts and advisories

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: