Version: 2008
  • On mySimon: The North Face Borealis Laptop Backpack

December 1, 2004 1:24 PM PST

Microsoft rushes out critical IE fix

By Robert Lemos
Staff Writer, CNET News

  • 14 comments
Related Stories

Attackers strike using Web ads

 November 22, 2004

Double MyDoom for Internet Explorer flaw

 November 9, 2004

Exploit code makes IE flaw more dangerous

 November 4, 2004
Microsoft published a patch for Internet Explorer on Wednesday, aiming to close a month-old hole that has been used by viruses to spread and by an ad banner attack to compromise PCs.

The vulnerability, dubbed the Internet Explorer Elements flaw by Microsoft, had previously been called the iFrame vulnerability. The issue--which does not affect Microsoft's major Windows XP security update, Service Pack 2--could allow an attacker to take control of a victim's PC, if the user is logged on as an administrator. Most home users tend to log onto Windows as administrators.

A Microsoft representative said the software giant had released the update before its next scheduled patch day, Dec. 7, because it had already been used by malicious software to compromise Windows users' PCs.

"That's one of the things that we factor in--when the customers are affected or there are active attacks," said Stephen Toulouse, security program manager at Microsoft's security response center.

News analysis
Common enemies
Reliance on a single software
raises level of risk.

An attacker can use the vulnerability to gain control of a person's computer when the victim clicks on a simple Web link. The attacker would then have complete control of the system, and could install programs, view, modify or delete data and create new accounts.

The patch arrived more than a month after news of the vulnerability was first posted on public security mailing lists. The move garnered criticism from Microsoft, which has led a drive to convince security researchers to give software makers at least 30 days to fix issues before outing the problem in public forums.

The IE flaw underscores that online criminals are all too willing to use the latest vulnerabilities to take illicit control of users' PCs.

Two computer viruses appeared on the Internet in early November, using the vulnerability in Microsoft's browser to infect PCs after their users clicked on a simple Web link. The viruses, called Bofra.A and Bofra.B by antivirus companies, were loosely based on the source code of MyDoom.

In addition, online intruders breached the security of at least one server at advertising host Falk last week and used the computer to distribute an attack to the service's clients, including The Register, a technology news and opinion site.

The IE Elements flaw affects PCs with IE version 6 installed, but does not affect computers that have been upgraded to Service Pack 2. The software, the latest version of Windows XP, has been downloaded more than 130 million times, Microsoft's Toulouse said.

The latest update for IE 6 can be downloaded from Microsoft's security site or through Windows Update.

Add a Comment (Log in or register) (14 Comments)
  • prev
  • next
Yet another fix for IE..
by hion2000 December 1, 2004 4:12 PM PST
...and as usual Microsoft takes over a MONTH to release a fix for it.<br /><br />$8 billion dollar R&#38;D budget and it still takes a month? And Microsoft claims that their browser is "just as secure as the other browsers".<br /><br />Ditch IE - it's a sinking ship. Any other browser will give you far better protection (namely Firefox or Opera). <br /><br />P.S. Maxthon, Avant and Slimbrowser all use IE to render their pages so they too are affected.
Reply to this comment
IE is Ditched!!!
by Earl Benser December 1, 2004 5:36 PM PST
So is OE and Active X.<br /><br />But then, they've been ditched for years.
View reply
Yet another fix for IE..
by hion2000 December 1, 2004 4:12 PM PST
...and as usual Microsoft takes over a MONTH to release a fix for it.<br /><br />$8 billion dollar R&#38;D budget and it still takes a month? And Microsoft claims that their browser is "just as secure as the other browsers".<br /><br />Ditch IE - it's a sinking ship. Any other browser will give you far better protection (namely Firefox or Opera). <br /><br />P.S. Maxthon, Avant and Slimbrowser all use IE to render their pages so they too are affected.
Reply to this comment
IE is Ditched!!!
by Earl Benser December 1, 2004 5:36 PM PST
So is OE and Active X.<br /><br />But then, they've been ditched for years.
View reply
Really there were attacks?
by Jonathan December 1, 2004 9:06 PM PST
Hmmm why didn't I know about ....Oh ya I dropped that POS browser last fall. Thanks MS. Take your **** elsewhere losers.
Reply to this comment
Yes
by rbochan December 2, 2004 7:39 AM PST
At least one verified. You can read about it here:<br /><a class="jive-link-external" href="http://www.theregister.co.uk/2004/11/21/register_adserver_attack/" target="_newWindow">http://www.theregister.co.uk/2004/11/21/register_adserver_attack/</a>
Thanks MS
by Ubber geek June 6, 2007 8:59 AM PDT
<a class="jive-link-external" href="http://www.analogstereo.com/vacuum/miele_intensive_clean_bag_design.htm" target="_newWindow">http://www.analogstereo.com/vacuum/miele_intensive_clean_bag_design.htm</a>
Really there were attacks?
by Jonathan December 1, 2004 9:06 PM PST
Hmmm why didn't I know about ....Oh ya I dropped that POS browser last fall. Thanks MS. Take your **** elsewhere losers.
Reply to this comment
Yes
by rbochan December 2, 2004 7:39 AM PST
At least one verified. You can read about it here:<br /><a class="jive-link-external" href="http://www.theregister.co.uk/2004/11/21/register_adserver_attack/" target="_newWindow">http://www.theregister.co.uk/2004/11/21/register_adserver_attack/</a>
Thanks MS
by Ubber geek June 6, 2007 8:59 AM PDT
<a class="jive-link-external" href="http://www.analogstereo.com/vacuum/miele_intensive_clean_bag_design.htm" target="_newWindow">http://www.analogstereo.com/vacuum/miele_intensive_clean_bag_design.htm</a>
Its getting worse every day
by December 5, 2004 12:58 PM PST
Virus,security threats and spyware are getting worse and worse every day...Before I was getting calls on weekly base now I get calls on DAILY base to clean up computers and I am not even trying to reach all people...Most computers require complete Windows Reinstall and update in order to function again,patching and scaning is too late with computer alredu infected and messed up.<br />And Microsoft dares to talk how safe and secure Windows and IE is.
Reply to this comment
Its getting worse every day
by December 5, 2004 12:58 PM PST
Virus,security threats and spyware are getting worse and worse every day...Before I was getting calls on weekly base now I get calls on DAILY base to clean up computers and I am not even trying to reach all people...Most computers require complete Windows Reinstall and update in order to function again,patching and scaning is too late with computer alredu infected and messed up.<br />And Microsoft dares to talk how safe and secure Windows and IE is.
Reply to this comment
(14 Comments)
  • prev
  • next
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Microsoft (-0.11%) -0.03 27.98
Dow Jones Industrials (-0.62%) -61.97 9,996.67
S&P 500 (-0.69%) -7.43 1,063.09
NASDAQ (-0.61%) -13.17 2,137.70
CNET TECH (-0.60%) -9.14 1,515.57
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET