anon
15.12.08, 18:03
Did Microsoft miss a vulnerability in its latest Internet Explorer (IE) patch roundup -- or several?
Late Thursday, Microsoft updated its advisory on a zero-day vulnerability (http://www.internetnews.com/security/article.php/3790586) affecting its IE 7 Web browser. The updated advisory now indicates (http://blogs.technet.com/mmpc/archive/2008/12/11/limited-exploitation-of-microsoft-security-advisory-961051.aspx) that older and newer versions of IE are also at risk from the XML zero-day (define (http://inews.webopedia.com/SHARED/search_action.asp?Term=Zero_Day_exploit&Template_Name=inews.webopedia.com)) flaw.
As a result, the company is now warning that IE 5.01 Service Pack 4, IE 6 and IE 6 SP1, and Windows Internet Explorer 8 Beta 2 are all potentially at risk.
The flaw stems from an issue in how Internet Explorer parses XML. Microsoft reported the vulnerability (http://www.internetnews.com/security/article.php/3790586) a day after issuing its December Patch Tuesday update (http://www.internetnews.com/security/article.php/3790076/Microsoft+Nabs+28+Flaws+in+Years+Last+Patch+Haul.h tm), which contained four different fixes for versions of IE.
As of late Thursday, there were no reported public sightings of the XML flaw in action on browsers other than IE 7, according to the security watchdogs at SANS Internet Storm Center (ISC).
InternetNews Realtime IT News - Microsoft Expands Zero-Day IE Warning (http://www.internetnews.com/security/article.php/3790886/Microsoft+Expands+ZeroDay+IE+Warning.htm)
Late Thursday, Microsoft updated its advisory on a zero-day vulnerability (http://www.internetnews.com/security/article.php/3790586) affecting its IE 7 Web browser. The updated advisory now indicates (http://blogs.technet.com/mmpc/archive/2008/12/11/limited-exploitation-of-microsoft-security-advisory-961051.aspx) that older and newer versions of IE are also at risk from the XML zero-day (define (http://inews.webopedia.com/SHARED/search_action.asp?Term=Zero_Day_exploit&Template_Name=inews.webopedia.com)) flaw.
As a result, the company is now warning that IE 5.01 Service Pack 4, IE 6 and IE 6 SP1, and Windows Internet Explorer 8 Beta 2 are all potentially at risk.
The flaw stems from an issue in how Internet Explorer parses XML. Microsoft reported the vulnerability (http://www.internetnews.com/security/article.php/3790586) a day after issuing its December Patch Tuesday update (http://www.internetnews.com/security/article.php/3790076/Microsoft+Nabs+28+Flaws+in+Years+Last+Patch+Haul.h tm), which contained four different fixes for versions of IE.
As of late Thursday, there were no reported public sightings of the XML flaw in action on browsers other than IE 7, according to the security watchdogs at SANS Internet Storm Center (ISC).
InternetNews Realtime IT News - Microsoft Expands Zero-Day IE Warning (http://www.internetnews.com/security/article.php/3790886/Microsoft+Expands+ZeroDay+IE+Warning.htm)