APRIL 26, 2006 (TECHWORLD.COM) - Microsoft is investigating a new zero-day flaw in Internet Explorer that could put fully patched Windows systems at risk of takeover. Less serious bugs have also been reported in the Firefox and Safari browsers.
The IE bug, discovered by Michael Zalewski and posted on the full-disclosure mailing list on Sunday, could allow attackers to take over a system, Zalewski said.
Microsoft on Tuesday launched a site to promote Internet Explorer add-ons in an attempt to compete with Mozilla Corp.’s long-running site that specializes in extensions for the open-source Firefox browser.
The Add-Ons for Internet Explorer page hosts both free and for-a-fee add-ons to IE 6 and IE 7 Beta 2, and is organized in security, time saving, browsing, and entertainment categories. A search tool can be used to sift through the add-ons.
Barely two weeks after shipping an Internet Explorer security makeover to cover a wave of drive-by malware downloads, Microsoft is scrambling to address the public disclosure of a new zero-day vulnerability that could be used in code execution attacks.
The Redmond, Wash. software maker confirmed it was investigating a warning posted on the Full-disclosure mailing list that the latest versions of IE causes various types of crashes when visiting Web pages with nested OBJECT tags.
APRIL 25, 2006 (COMPUTERWORLD) - Microsoft has released for free public download beta 2 of Internet Explorer 7 for Windows XP. This latest version of Microsoft’s next browser has few visible changes from the Beta 2 preview edition posted on March 20.
Microsoft’s Internet Explorer, which was just patched with 10 fixes two weeks ago, suffers from yet another zero-day vulnerability that can be exploited remotely, security firm Symantec said Monday.
In an alert to customers of its DeepSight threat system, Symantec cited a vulnerability first posted to the Bugtraq security mailing list by researcher Michal Zalewski, who notes that IE is prone to memory corruption because of the way it handles malformed HTML.
Microsoft on Tuesday stripped the “Preview” label from Internet Explorer Beta 2 to roll out the first version of its new browser that the company will support with regular security updates.
Windows XP and Windows Server 2003 users will also be the first to get their hands on the final IE 7 later this year; Microsoft plans to release their edition before Windows Vista, which includes its own version of IE 7, ships in November.
When a user visits a Web site, her browser may be instructed to visit other third-party domains without her knowledge. Some of these third-party domains raise security, privacy, and safety concerns. The Strider URL Tracer, available for download, is a tool that reveals these third-party domains, and it includes a Typo-Patrol feature that generates and scans sites that capitalize on inadvertent URL misspellings, a process known as typo-squatting. The tool also enables parents to block typo-squatting domains that serve adult ads on typos of children’s Web sites.
By packaging a functionality change for Internet Explorer with a needed security update, Microsoft has alienated some IT pros, security vendors complained Wednesday.
Along with the 10 patches in Tuesday’s MS06-013 security bulletin, Microsoft bundled changes to IE’s handling of ActiveX controls. Those changes, which were prompted by a 2003 $521 million judgment against Microsoft in a patent lawsuit brought by Eolas Technologies Inc. and the University of California, will require users to manually activate controls on some sites.
Microsoft released a fix for a serious security bug in Internet Explorer on Tuesday (11 April). The fix for the “CreateTextRange” vulnerability - which has become the subject of hacker exploits over recent days - was released as a cumulative update to Internet Explorer along with four other security bulletins, two of which also earn the dreaded critical ranking.
Microsoft offered some advance notification Thursday that it would unveil five security bulletins on Tuesday, April 11, among them a fix for the Internet Explorer vulnerability that has been exploited for weeks.
Four of the five will affect Windows, and at least one will be tagged “critical,” Microsoft’s highest-level warning. The fifth will resolve an issue in Microsoft Office that the Redmond, Wash. developer has judged as a “moderate” problem.
