NEWS
Microsoft's Internet Explorer has become a turkey shoot for flaw finders.
This week, three more vulnerabilities were found in version 6.0 of the software giant's flagship web browser, security information provider Secunia said on Wednesday. That brings the total number of IE vulnerabilities disclosed in the past two months to 19, including eight flaws fixed by Microsoft during its October patch cycle.
The latest flaws were found by two different researchers, Secunia said. Two could be used together to allow malicious content to bypass an mechanism in Microsoft Windows XP Service Pack 2 that alerts people about potentially harmful programs, Secunia stated. The third vulnerability could be used to overwrite the cookies of a trusted site to hijack a web session, if the site handles authentication in an insecure manner, according to that advisory.
The flaws were rated "moderately critical" and "not critical", respectively, by Secunia.
Microsoft said in a statement: "We have not been made aware of any active attacks against the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports."
The company said that customers who needed advice should visit its software security site and its PC Protect site for home users. Microsoft also criticised the researchers for publicising the flaws without allowing it to work to solve the problems first.
"Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," the company said in the statement. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests."
Security researchers and hackers, however, are not paying heed to the software giant's standard chastisement of public disclosure. In the past two months, flaw finders have publicised critical Internet Explorer vulnerabilities and a slew of security issues in Service Pack 2, the company's latest update to Windows XP.
Already, viruses have started to use the critical Internet Explorer flaw to spread.
Robert Lemos writes for CNET News.com.
Comments
There is 1 comment. Join the discussion
1. Phil Laszkowicz (Opetec Ltd)
I have not used Microsoft Internet Explorer for a long time due to performance and security issues.
I have migrated my company away from all Microsoft products because I find that other products offer a much better alternative for security, versatility, and stability than Microsoft does. The only product I would recommend currently is Visual Studio .NET for Mono / .NET Developers.
I and my company now use SuSE Linux 9.1 Professional with OpenOffice / StarOffice productivity suites, Novell Evolution for e-mail, and Eclipse and NetBeans for software development.
As for the browsers we now use, I began with Mozilla and Opera, but we now prefer to stick with Firefox. As all of our development is standardised we have (absolutely) no bugs when migrating to other browsers.
We often move our clients away from Microsoft products as well simply because we find other products much more effective.