* Microsoft Patch for IFRAME vulnerability

Published: 2004-12-01
Last Updated: 2004-12-01 23:29:10 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
Microsoft Patch for IFRAME vulnerability

Looks like our (worldwide) requests touched Microsoft feelings...
Today Microsoft released a patch for the IFRAME Vulnerability, released on November 2nd.

Ok, it is late, but still worthwhile!

As Microsoft says in the Microsoft Security Bulletin MS04-040, "Recommendation: Customers should install the update immediately.".

We didnt test it yet, but we strongly advise you to test and apply as soon as possible.

Remember the recent incident with The Register and Iframe exploit? (http://isc.sans.org/diary.php?date=2004-11-22 ). This can happen again with whatever other website, and in fact, we are still receiving reports of possible websites spreading the exploit. So, despite of the unofficial patches, for sale or even free, now you have a chance to protect yourself if you are still using IE, with an official patch released by Microsoft.

References: http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
and http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1050


Handler on Duty: Pedro Bueno (pbueno /AT/ isc.sans.org)
0 comment(s)


Diary Archives