arcana imperii :: the book of j


internet explorer - the swiss cheese of browsers

swiss cheese indeed. it couldn't have any more holes if they tried... security holes that is, which even make windows xp sp2 machines vulnerable to attack and remote manipulation.

there are well over three windows vulnerabilities already broadly known on the net, some of which have working exploits available, for which patches are not available. last week, uk-based researchers at secunia ltd warned of three «extremely critical» holes in internet explorer. the firm said exploit code was available, that works against ie 6, even on a windows xp service pack 2 box. in december, a chinese research outfit, xfocus team, disclosed three image-handling vulnerabilities in windows that could be exploited to take over machines via email or the web. patches are not yet available. and eeye digital security inc, one of the security firms that does not disclose details of vulnerabilities before patches are available, currently says it is waiting for microsoft to patch two high-severity bugs, one of which it found in august, one of which it found in november.

microsoft recently started alerting security administrators on the thursday preceding the second tuesday of each month what they can expect the following week. in its advance notification the company stated that there shall be at least three patches this week, which will likely require the patched computer to be restarted after the patch is applied.

via computer business review online.