|
The flurry of security flaws reported in last month's column continues. Microsoft has released a patch for what it calls the "ImportExportFavorites" vulnerability. This flaw in IE 4.01 and 5 allows carefully scripted Web pages (and HTML e-mail messages) to "take any action on the machine that the user could take," including creating or destroying files, or even formatting the hard disk. For details visit www.microsoft.com/security/bulletins/MS99-037faq.asp. Microsoft has promised to post the IE 5 patch to windowsupdate.microsoft.com, but if it's not there, get it at ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE50/ImportExportFavorites-fix/x86/q241361.exe. You can find the 115KB IE 4.01 patch at ftp.microsoft.com/peropsys/ie/ie-public/fixes/usa/IE401/ImportExportFavorites-fix/x86/q241361.exe.
Browser security researcher Georgi Guninski has found yet another hole, this time in IE's ActiveX scripting subsystem. The defect allows a Web page or HTML mail message to upload text files from your PC to a remote one. The patch is available for download at windowsupdate.microsoft.com. If you're having trouble keeping up with all the IE 5 patches, things may get easier soon. Microsoft plans to release an IE 5.01 update by year's end. IE 5.01 will also be the browser that ships in Windows 2000, the company reports. |
Category:Hardware + Bugs and Fixes Issue: January 2000 |
These Web pages are produced by Australian PC World © 1999 IDG Communications