Content

New IE flaw evades XP update

A new vulernability in Microsoft's Internet Explorer affects systems equipped with the new security-conscious Windows XP Service Pack 2, according to researchers.

The vulnerability could be exploited by an attacker who tricks a user into visiting a malcious website. When the user drags a program masquerading as an image, an executable file is planted in the user's start-up file, which is opened the next time Windows is started.

IT security-services firm Secunia rated the flaw, discovered by a security researcher named "http-equiv," as highly critical.

Even though the proof-of-concept exploit demonstrated by http-equiv requires a user to drag and drop, it could be rewrittent to use a single click, according to Copenhagen-based Secunia.

The IE flaw has been confirmed in a system equipped with IE 6.0 and Windows XP SP1/SP2, Secunia said. The vulnerability also affects IE 5.01 and 5.5.

www.secunia.com

 

 

 

 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.