
Microsoft fixes object type flaw in IE

By Edward Hurley, SearchSecurity.com News Writer
06 Oct 2003 | SearchSecurity.com


Microsoft has finally released a patch for the object type vulnerability in Internet Explorer that was exploited by the QHost-1 Trojan last week.

The cumulative patch, released Saturday at midnight EDT, also patches a previously unannounced flaw in Internet Explorer. The new vulnerability involves how Internet Explorer handles XML data binding. Microsoft has deemed both vulnerabilities "critical." The company recommends immediately installing the patch, which covers all released patches for Internet Explorer 5.01, 5.5 and 6.0. Both flaws could allow attackers to run arbitrary code on vulnerable systems.

Microsoft broke with its usual practice in releasing this cumulative patch; recent fixes have been sent out on Wednesdays.

Microsoft also changed how Internet Explorer handles Dynamic HTML (DHTML). Currently, attackers can exploit a vulnerability to make Internet Explorer run script code in the security context of the Internet Zone. The company warns that this vulnerability can be exploited using Windows Media Player's ability to open URLs, and that specially crafted HTML-based e-mails could be used for such an attack. The company recommends that users update Windows Media Player in addition to installing the patch.

The vulnerabilities can be exploited in two ways. In either case, a remote attacker gains the same privileges as the logged-on user. "Users whose accounts are configured to have few privileges on the system would be at less risk than ones who operate with administrative privileges," Microsoft said in a press release.

First, HTML e-mails containing malicious code could be sent. Second, a malicious Web site could be created to take advantage of the flaws.

The latter approach was used by QHost, which emerged last week to wreak havoc with PCs' DNS settings. The Trojan installed itself on systems when users visited a site hosted by Web host FortuneCity.com. It then changed the computers' DNS settings so that all requests were routed through IP addresses set by the Trojan's author. It also redirected popular search URLs such as google.com and altavista.com to a search site of the author's choosing.

Until the patch is installed, users can, as a workaround, disable Active Scripting. That prevents infection from QHost, but it could affect the loading of other Web sites. Users can also remove the application/hta MIME registry key. The key is located at:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/hta
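The following PowerShell script is an added example, not code from the article or from Microsoft, that audits the two workarounds above on a Windows host and can back up and remove the application/hta key. The Internet Zone key (Zones\3) and its 1400 value (Active Scripting) are standard IE zone-setting locations not given in the article; the backup file path is an assumption.

```powershell
# Added example: audit the MS03-040 interim workarounds described in the article.
# Run from an elevated prompt; removing the HKLM key requires administrator rights.

$htaSubKey = 'SOFTWARE\Classes\MIME\Database\Content Type\application/hta'
# Standard IE zone locations (not from the article): Zone 3 = Internet Zone,
# value 1400 = Active Scripting; 0 = enable, 1 = prompt, 3 = disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$activeScriptingValue = '1400'

function Get-HtaMimeKeyStatus {
    # The key name contains '/', which the PowerShell registry provider treats as
    # a path separator, so query it through the .NET registry API instead of Test-Path.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($htaSubKey)
    if ($null -eq $key) { return 'removed' }
    $key.Close()
    return 'present'
}

function Get-ActiveScriptingStatus {
    $props = Get-ItemProperty -LiteralPath $zoneKey -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$activeScriptingValue) { return 'unknown' }
    switch ($props.$activeScriptingValue) {
        0       { return 'enabled' }
        1       { return 'prompt' }
        3       { return 'disabled' }
        default { return "unexpected value $($props.$activeScriptingValue)" }
    }
}

function Remove-HtaMimeKey {
    # Assumed backup location; the export lets the key be restored once the patch is installed.
    param([string]$BackupPath = (Join-Path $env:TEMP 'hta-mime-key.reg'))
    if ((Get-HtaMimeKeyStatus) -ne 'present') { return }
    & reg.exe export "HKLM\$htaSubKey" $BackupPath /y | Out-Null
    $parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        'SOFTWARE\Classes\MIME\Database\Content Type', $true)
    $parent.DeleteSubKeyTree('application/hta')
    $parent.Close()
}

"application/hta MIME key     : $(Get-HtaMimeKeyStatus)"
"Internet Zone Active Scripting: $(Get-ActiveScriptingStatus)"
# Uncomment to apply the second workaround after reviewing the audit output:
# Remove-HtaMimeKey
```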

FOR MORE INFORMATION:

Microsoft security bulletin: MS03-040


