Security Information

Security Information  Week 51, 2001

Introduction

Keeping up with installing the latest patches, Service Packs, and other program updates is a nightmare for many users and organizations. Fortunately, Microsoft, for example, has made this easier lately, as its patches have often been cumulative - all previous patches are included in the latest one.

This new policy at least makes it possible to stay up to date, provided one manages to keep track of information about the availability of new updates.

A new cumulative patch for critical vulnerabilities

Microsoft recently published a new cumulative patch for Internet Explorer - a patch to which Microsoft has given the security rating Critical.

This patch fixes three new vulnerabilities in Internet Explorer 5.5 and 6.0, which are the two versions of Internet Explorer that Microsoft supports. In Security Bulletin MS01-058, Microsoft recommends that customers using IE 5.5 and 6.0 install the patch immediately.

In addition to eliminating previously patched vulnerabilities, this new patch eliminates three new vulnerabilities:

  • A vulnerability that could trick IE into running a file directly from a malicious web page or HTML email. This is accomplished by manipulating the HTML header information. This is by far the most serious of the vulnerabilities, as a malicious web site operator could create a special web page or email that enables her to do anything on the compromised computer that the logged-in user can do, including e.g. running special programs from the malicious web site and deleting files. This vulnerability only affects IE version 6.0, not 5.5.
  • A vulnerability that enables a malicious web site operator to obtain locally stored information on a computer - e.g. passwords and other user information. This vulnerability affects both IE 5.5 and 6.0.
  • A vulnerability that may trick a user into downloading files that are actually of a different file type than the file download dialog box says they are. This vulnerability affects both IE 5.5 and 6.0.

Recommended action for users

Norman recommends that users who want to use Internet Explorer as their browser and Outlook/Outlook Express as their email system take action immediately:

Per Olav Førland