Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Microsoft Patch Tuesday Cleans Up IE

    By
    Paul F. Roberts
    -
    December 13, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Microsoft Corp. released software updates in two security bulletins Tuesday, MS05-054 and MS05-055. The updates include fixes for critical new holes in IE, and code to remove a program from Sony BMG that introduced a vulnerability onto customers Windows machines, according to Stephen Toulouse, security program manager with Microsofts Security Resource Center.

      The cumulative patch for IE, MS05-054, includes previous fixes for the Web browser and patches for four recently discovered holes, including a publicly disclosed vulnerability in code used by IE to handle JavaScript “Window()” function calls.

      That vulnerability was in versions 5.5 and 6.x of Internet Explorer and was initially believed to be less serious and limited to use in denial-of-service attacks.

      However, further analysis by researchers outside Microsoft revealed that the hole could be used by remote attackers to execute malicious code on affected Windows systems, Toulouse said.

      /zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

      A group calling itself Computer Terrorism released code to exploit the hole on Nov 21, six months after the hole was first discovered by a German researcher named Benjamin Tobias Franz.

      Despite the late notice, Microsoft staff rushed to get a fix in for the hole, which was being used in Web-based attacks to compromise vulnerable Windows systems.

      The patch also includes fixes for a hole in IEs COM (Component Object Model) that could allow remote code to run on some versions of IE, and fixes for moderately serious vulnerabilities in IEs File Download Dialog box and HTTPS proxy, Microsoft said.

      A second security bulletin, MS05-055, rated “Important,” fixes a hole in the Windows core processing kernel on Windows 2000 machines running Service Pack 4. The vulnerability could allow a user with few security privileges to take control of the Windows 2000 machine once he or she successfully logged in, Toulouse said.

      Microsoft also issued an update to Windows that removes an Active-X component left behind by Sony BMGs ill-fated XCP uninstallation utility, known as CodeSupport. Developed by First4Internet, CodeSupport left Windows systems open to Web-based attacks that downloaded and installed malicious programs, according to an analysis by Ed Felten, a professor of computer science at Princeton University.

      “If you had the XCP software on your system and ran the initial uninstaller, then this update will remove that [ActiveX] control,” he said.

      Microsofts malicious-code removal tool can be used to remove the XCP cloaking software for Sony BMG customers who have not yet removed it, he said.

      /zimages/4/28571.gifSony BMG is still working to patch vulnerabilities introduced by its DRM software. Click here to read more.

      Microsoft customers are advised to download the security updates as soon as possible.

      IT administrators should also review the FAQ section of each bulletin to make sure that the updates to IE do not conflict with existing Web site features, Toulouse said.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Avatar
      Paul F. Roberts

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×