Wednesday, July 06, 2005

Microsoft offers workaround for IE vulnerability

Robert McMillan writes in NetworkWorld:

Microsoft has released software that can be used to mitigate a critical vulnerability in Internet Explorer that was first reported last week. The bug, which concerns the way Internet Explorer handles ActiveX components, can cause the browser to crash and could be used by an attacker to run unauthorized software on the IE user's machine, according to Microsoft.

On Tuesday, Microsoft released software that in the registry disables a file called Javaprxy.dll, which is used to run these components in IE. This file is used by the Microsoft Java Virtual Machine, according to Microsoft.

Microsoft has not yet decided whether it will release a software patch that would fix the underlying problem, a spokeswoman for Microsoft's public relations agency said. "The workaround that they've offered here doesn't fix the underlying vulnerability, but it removes the functionality," she said.

Danish security company Secunia gave the
vulnerability its most serious rating, calling it "extremely critical."

0 Comments:

Post a Comment

<< Home