Microsoft to Come Up with Complete Internet Explorer XSS Filter Patch in JuneSpeaking on the Microsoft Security Response Center blog, security software engineer David Ross said that Microsoft will issue an additional patch for an Internet Explorer flaw in June 2010, as per the news published by SCMagazine on April 23, 2010. It is noteworthy that the vulnerability was disclosed at the Black Hat EU conference. Ross said that the intended change will effectively address a Script tag assault situation that was described during the conference. Such a situation arises when malicious script is able to break from within a concept that is there in an existing script block. The cross-site scripting (XSS) flaw was disclosed by researchers David Lindsay and Eduardo Vela Nava, according to the news published by ITPRO on April 20, 2010. At the conference, researchers demonstrated that the criminals could successfully exploit the bugs within the filter to infuse malicious code into websites like Bing, Twitter and Google. Writing in a white paper, the researchers revealed that Internet Explorer 8 discovered a latest defense mechanism against XSS attacks. The underlying idea was to build filters into IE browser that can detect and block some kinds of malicious XSS attacks. In affected versions of Internet Explorer 8, the flaw makes nearly all leading websites vulnerable to XSS. Meanwhile, it is the third time security tool of IE has required a review since the starting of 2010. The flaw was earlier unveiled in Internet Explorer 8 and was patched in an update released in January 2010 followed by another update in March 2010. The issue detected and fixed in MS10-002 in January 2010 was detected to exist on high-profile websites. Ross further said that with the protection benefits from a large class of assaults offsetting potential risks from flaws in majority of instances, it is extremely important to have an XSS filter in the browser. He added that the company is looking forward towards continuously improving the Internet Explorer XSS filter so as to address the constantly growing threat landscape and the newly emerging attack scenarios. Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails ยป SPAMfighter News - 5/5/2010 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
