New Critical Internet Explorer (IE) Flaw Involves Msdds.dll - 2,628 Views,
|
Previous Article « Blue Frog Not Only Spams Webforms, It’s “Blurry Hashed” for Extra Inaccuracy
Read Next Article » Proposed .XXX Web Domains in Sticky Situation with Bush
The French Security Incident Response Team (FrSIRT) is reporting a newly discovered flaw in Internet Explorer (IE), and related to the Microsoft Msdds.dll library file. In fact, it’s so new, that there isn’t even a patch for it at the time of this writing. Because the Msdds.dll library file must be present in order for the flaw to be exploited, those with the Msdds.dll library are likely at highest risk. Said an FrSIRT spokesperson, “Microsoft said that this library is installed with Visual Studio but we do not have Visual Studio installed on our lab machines” (and yet the Msdds.dll library file was present). They have also confirmed the flaw with IE6 on a Windows XP system with SP2 and all patches to date. Of course, while there isn’t a patch for this flaw available yet, the code to exploit the flaw is available on the Internet. Like some other flaws, this one is of the nature such that the bad guys can craft a malicious site, and if a user visits the site with a system with the flaw, the bad guys can take control of the user’s PC, and install a back door for future use. Some Internet security companies, such as Websense, have already added detection for the flaw. However a spokesperson for Microsoft said that while they were aware of the flaw, they were unaware of any attacks using the flaw, and that when they were done investigating the flaw, they would take appropriate action.
Follow Anne on Twitter
New Critical Internet Explorer (IE) Flaw Involves Msdds.dll
Twitter Explained in Plain English
Previous Article « Blue Frog Not Only Spams Webforms, It’s “Blurry Hashed” for Extra Inaccuracy
Read Next Article » Proposed .XXX Web Domains in Sticky Situation with Bush
Read more:
» Internet Explorer 6 Security Flaw Given “Extremely Critical” Status
» Severe Security Flaw in Netscape
» Microsoft Announces Patch for “Help Flaw” Security Hole
For additional similar stories check out our archives on Security, Windows
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
