October 7, 2003
|
Microsoft (MSFT) releases a cumulative patch for Internet Explorer this weekend, plugging a security hole that had been used by Trojan horse program QHosts to compromise consumers' PCs.
By Robert Lemos
The patch -- the fortieth that MSFT has issued this year -- seals several security holes in Internet Explorer 5.01, 5.5 and 6.0 for all versions of MSFT Windows. The giant deemed the patch critical to all versions of Windows, except Windows Server 2003, which runs with more security in its default installation.
The patch repairs a previous patch that didn't properly protect against two "object type" vulnerabilities. The vulnerabilities have been exploited by Trojan horse QHosts to compromise people's PCs when they browse a Web site that has attack code built in.
"An attacker could seek to exploit this vulnerability by hosting a specially constructed Web page," MSFT stated in the advisory. "If the user visited this Web page, Internet Explorer could fail and could allow arbitrary code to execute."
That's exactly what happened at FortuneCity.com, when an unknown attacker was able to replace a banner ad on the site with code that copied the QHosts program to any computer that viewed the page with Internet Explorer. The program doesn't attempt to spread itself, so it isn't considered a computer worm or a virus.
MSFT has been sued by a Los Angeles resident for its handling of security patches and for allegedly putting customers at risk by not offering proper security for its Windows operating system.
Back to the Top
|
MSFT & Google Allies?