New Critical Internet Explorer (IE) Flaw Involves Msdds.dll 8/18/2005 - 1,095 views,
|
Previous Article « Blue Frog Not Only Spams Webforms, It’s “Blurry Hashed” for Extra Inaccuracy
Read Next Article » Proposed .XXX Web Domains in Sticky Situation with Bush
The French Security Incident Response Team (FrSIRT) is reporting a newly discovered flaw in Internet Explorer (IE), and related to the Microsoft Msdds.dll library file. In fact, it’s so new, that there isn’t even a patch for it at the time of this writing. Because the Msdds.dll library file must be present in order for the flaw to be exploited, those with the Msdds.dll library are likely at highest risk. Said an FrSIRT spokesperson, “Microsoft said that this library is installed with Visual Studio but we do not have Visual Studio installed on our lab machines” (and yet the Msdds.dll library file was present). They have also confirmed the flaw with IE6 on a Windows XP system with SP2 and all patches to date. Of course, while there isn’t a patch for this flaw available yet, the code to exploit the flaw is available on the Internet. Like some other flaws, this one is of the nature such that the bad guys can craft a malicious site, and if a user visits the site with a system with the flaw, the bad guys can take control of the user’s PC, and install a back door for future use. Some Internet security companies, such as Websense, have already added detection for the flaw. However a spokesperson for Microsoft said that while they were aware of the flaw, they were unaware of any attacks using the flaw, and that when they were done investigating the flaw, they would take appropriate action.
|
|
Email the link for this page to a friend! |
Read more:
» Severe Security Flaw in Netscape
» Internet Explorer 6 Security Flaw Given “Extremely Critical” Status
» Microsoft Announces Patch for “Help Flaw” Security Hole
For additional similar stories check out our archives on Security, Windows
