Microsoft Posts Security Fix for IE


Tuesday, February 12th 2002, 12:00 am
By: News On 6


SEATTLE (AP) _ Microsoft Corp. on Monday released a patch to correct six new security vulnerabilities in its Internet Explorer browser, including one that could let a hacker run any program on a victim's computer.

The patch covers three critical and three moderate vulnerabilities in the free Internet software. The vulnerabilities affect the three latest versions of Internet Explorer, including the version found in Windows XP.

The free downloadable patch also ensures that users have updated their systems to include past patches.

The most serious of the vulnerabilities could allow a hacker to run any program on a user's computer simply by e-mailing the user a Web site, or luring the user to the Web site, said Christopher Budd, security program manager for Microsoft.

The potential security breach, called a ``buffer overrun,'' was discovered by Russian Internet security researchers, Budd said. Microsoft worked with the researchers to develop a fix.

The other two critical vulnerabilities could permit a malicious user to read a person's files, although the hacker would have to know exactly what the files are and where they're stored.

Other vulnerabilities could mislead a user into opening an unsafe file or instruct a computer to run a script even if the user has disabled that function for security reasons.

In the wake of security vulnerabilities such as these, Microsoft has said it will redouble its efforts to make its product safe from hacker attacks. A memo sent by Chief Software Architect Bill Gates instructed employees to make security a top priority. http://www.microsoft.com/technet/treeview/default.asp?url/technet