SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Internet Explorer Vulnerability

If you're using Internet Explorer, be advised Microsoft has released a security advisory for Internet Explorer. This would allow an attacker to run code under the context of the logged on user. The only workaround is to disable active scripting, which isn't such a great workaround because it breaks so many sites. You can find the Microsoft Advisory here:

Microsoft Security advisory (917077)

There are a number of sites which are already using exploits for the vulnerability, so if you haven't been lately, start practicing safe browsing habits again. All that's required is a visit to activate the exploit. If you're interested in potential patches, there are two out by a couple of security companies. Neither fix the problem but instead mask the vulnerability as fixing it would require changing Microsoft's files. However, neither are supported by Microsoft (no big surprise). Microsoft has previously said they plan on releasing an update on 4/11, the normal monthly patch day, but  who knows? They may move it up. Read, consider risk, etc. As far as the two patches:

eEye Digital Security


And yes, this does affect up to Internet Explorer 7 beta.

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.


No comments.

Leave a Comment

Please register or log in to leave a comment.