Microsoft issues security bulletins for IE and XP

Microsoft Corp. issued two security advisories Wednesday, pointing to a “critical” flaw in its Internet Explorer browser and a second, less severe problem with its Windows XP operating system.

The problem with Internet Explorer stems from a security function in the software designed to stop one domain, such as a Web site, from sharing information with another domain, Microsoft said in a security bulletin. Microsoft has discovered that such information sharing can occur when certain dialog boxes are used.

An attacker could create a Web page that takes advantage of the flaw and use it to run malicious code, possibly in the form of an executable file, on a computer used to visit the page, Microsoft said. A related vulnerability allows an attacker to access a user’s system via HTML (Hypertext Markup Language) pages that display help content, Microsoft said.

The company recommended that users with Internet Explorer versions 5.01, 5.5, and 6.0 download a patch for these problems. The security bulletin, including links to the patch, is at www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-004.asp.

The second warning, for Windows XP, concerns a problem in the Windows Redirector software, which is used to access local and remote files. By sending bad data to the Redirector a hacker could cause a system fail or, if the data were crafted in a particular way, run malicious code on the user’s computer, Microsoft said.

The flaw in XP can’t be exploited remotely and an attacker would need the ability to log onto a system to run programs that use the Redirector, according to Microsoft. Nevertheless, it said users should consider installing its security update for the problem and rated it an “important” issue.

The security bulletin, including links to the patch, is at www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-005.asp.


Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now