Late last week you may have seen Rob Westervelt’s news story on the dangerous Windows URI flaw, which could potentially enable remote code execution on Windows XP and Windows Server 2003. As Rob reported, for an attack to be successful, an attacker must embed a malicious URI in a Web page or email and trick the user into following the link.
But, you may be asking, how exactly is a URI different from a URL, and how is it that application developers often underestimate the complexity of URI protocol handler issues?
In what may be a case of perfect timing, late last week we debuted a brand-new tip by Michael Cobb that discusses how to prepare for and prevent URI exploits. Mike explains how URI exploits like the one last week may start a fresh round of problems for developers and users alike. Obviously, we hope this newly discovered flaw isn’t the start of a trend when it comes to URI issues, but either way, as the saying goes, an ounce of prevention is worth a pound of cure.