ad info
 
CNN.com  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
  
 

  
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)
[CNN Money] BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS
4:30pm ET, 4/16
DJIA
144.70
8257.60
NAS
3.71
1394.72
S&P
10.90
879.91
 
[SI.com] SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

> All Scoreboards
WEATHER
All cities
WORLD

Quake help not fast enough, says Indian PM
U.S.

Bush: No help from Washington for California power crunch
POLITICS

Bush signs order opening 'faith-based' charity office for business
LAW

Prosecutor says witnesses saw rap star shoot gun in club
ENTERTAINMENT

Can the second 'Survivor' live up to the first?
HEALTH

Heart doctors debate ethics of testing super-aspirin
TRAVEL

Nurses to aid ailing airline passengers
FOOD

Texas cattle quarantined after violation of mad-cow feed ban
ARTS & STYLE

Ceramist Adler adds furniture to his creations

(MORE HEADLINES)
MAINPAGE
WORLD
U.S.
WEATHER
BUSINESS
SPORTS
TECHNOLOGY
 *
computing
personal technology
SPACE
HEALTH
ENTERTAINMENT
POLITICS
LAW
CAREER
TRAVEL
FOOD
ARTS & STYLE
BOOKS
NATURE
IN-DEPTH
ANALYSIS
LOCAL
EDITIONS:
CNN.com Europe

 change default edition
MULTIMEDIA:
video
video archive
audio
multimedia showcase
more services
E-MAIL:
Subscribe to one of our news e-mail lists.
Enter your address:
 
DISCUSSION:
chat
feedback
CNN WEB SITES:
CNN Websites
CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines
TIME INC. SITES:
CNN NETWORKS:
Networks image
CNN anchors
transcripts
Turner distribution
SITE INFO:
help
contents
search
ad info
jobs
WEB SERVICES:

Microsoft releases patch to fix IE security hole

From...
 Computerworld

July 6, 2000
Web posted at: 8:27 a.m. EDT (1227 GMT)

by Kathleen Ohlson

(IDG) -- Microsoft has issued a patch for an Internet Explorer bug that it said could overwrite files and eventually crash computers.

The vulnerability in the browser's Active Setup Download feature could enable malicious hackers or Web site operators to launch denial-of-service attacks, Microsoft said in a bulletin that accompanies the patch. The fix for the security hole was released last Thursday.

  MESSAGE BOARD
Microsoft
 
  ALSO
Microsoft hacks IE 5.5 for Mac
 

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Computerworld's home page
  Computerworld's Security Watch
  Microsoft patches e-mail security
  Microsoft acknowledges browser flaw
  Reviews & in-depth info at IDG.net
  E-BusinessWorld
  TechInformer

The Active Setup control detects which files are needed by users who are updating software and then downloads the relevant ones. It's supposed to check to see whether the files are digitally signed before downloading them and warn users if files aren't signed or are signed by someone who doesn't have proper authorization, according to Microsoft.

But the mechanism has two flaws, Microsoft said. First, Microsoft-signed files are treated as trusted content, which means Internet Explorer will download them without asking for a user's approval. In addition, the control allows download locations to be specified on a user's hard drive, which Microsoft said could give malicious attackers a tool for overwriting system files and rendering machines unusable.

However, Microsoft added that attackers couldn't modify files or cause other damage to a computer other than crashing the system. The flaw affects Versions 4, 4.01, 5 and 5.01 of Internet Explorer, the company said.



RELATED STORIES:
Microsoft unveils a new Office for Macintosh
June 19, 2000
Microsoft releases latest Outlook security 'patch'
June 8, 2000
Check digital certificates in Internet Explorer 4 and 5, users cautioned
June 8, 2000
Microsoft to delay Outlook patch
May 26, 2000
Outlook patch called overkill
May 23, 2000
RELATED IDG.net STORIES:
Microsoft, CERT disagree on IE patch
(Computerworld)
Caution urged over digital certificates in Internet Explorer
(Computerworld)
Microsoft squashes 'Paperclip' bug
(Computerworld)
Microsoft acknowledges browser flaw
(The Industry Standard)
Netscape posts security fix
(PC World)
Security hole found in Network Associates firewall
(Computerworld)
Microsoft patches e-mail security
(PC World)
Microsoft to patch Active Directory
(Network World Fusion)
RELATED SITES:
Microsoft
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 Search   
Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.