The Microsoft Internet Explorer team have confirmed a serious bug that can crash IE when users visit affected websites.
The problem relates to the way the browser handles the
createTextRange() function and affects all versions (IE6.x XP SP2 fully patched, IE7 beta). The bug was disclosed publicly last weekend before Microsoft were able to patch the problem.
Lennart from the MSRC blog advised "
Our initial investigation has revealed that if you
turn off Active
Scripting, that will prevent the attack as this requires script.
Customers who use supported versions of Outlook or Outlook Express
aren't at risk from the email vector since script doesn't render in
mail (being read in the restricted sites zone)." He said a security advisory would be released in the coming days.
A Microsoft official recently chided Apple for their lack of a public Security Czar, and was (rightly) criticized for hypocrisy. However, Microsoft, for all their faults (and bugs) do appear to be making better efforts to publicize problems and deal with them in a timely matter. As Blogger in Chief Robert Scoble would say, blogs are about conversations - and it's good to see the security team, arguably one of the most important at Microsoft, getting more involved with their customers.
View: 
-1 Comments - Add comment