Wednesday, November 23, 2005

Microsoft Promises To Patch IE Zero-Day Bug

Microsoft late Monday responded to reports of a critical zero-day vulnerability in Internet Explorer with a security advisory that promised a fix but not a timeline.

Initially, the vulnerability was thought to only crash the browser, but new information, said researchers, points to a greater risk: that an attacker could run malicious code remotely on a compromised PC by luring users to a malicious Web site. The bug was labeled "extremely critical" by one security vendor Monday.

IE 5.01, 5.5, and 6.0 are open to attack, said Microsoft, even when running on up-to-date editions of Windows XP SP2, Windows Server 2003 SP1, and Windows 2000 SP4. The advisory offered up several steps users could take to prevent an attack, including disabling Active scripting and requiring IE to prompt before running Active scripting.
