Home page logo
/

bugtraq logo Bugtraq mailing list archives

patching IE (Re: Microsoft Security Bulletin (MS00-009))
From: john () LOVERSO SOUTHBOROUGH MA US (John Robert LoVerso)
Date: Thu, 17 Feb 2000 10:49:09 -0500


Subject: Microsoft Security Bulletin (MS00-009)
Patch Available for "Image Source Redirect" Vulnerability
Originally Posted: February 16, 2000

Given the large number of JavaScript-related security issues regarding the
various versions of IE (4.0, 4.01, 4.01 SP1, 4.01 SP2, 5.0, 5.01), I'm
surprised that no one has mentioned the fact that Microsoft has made it nearly
impossible to secure IE.  Why?  Because fixes aren't quickly wrapped back into
the distribution, nor is there a fast path to getting all the appropriate fixes
installed.

Download and install the latest release of IE (5.01).  Are you safe?  No.  You
first need several crucial scripting patches.  After all, JavaScript defaults
to "on" and IE defaults to scripting bugs.

But, which patches?  Click on "Tools->Windows Update"?  That doesn't show the
latest updates.  Somehow know to go to the IE security page at
http://www.microsoft.com/windows/ie/security/default.asp?  Except, that doesn't
make it clear _which_ patches you need.  You have to individually go to each
link; some will tell you if they apply, others will just let you download the
patch.

Given the ongoing nature of scripting problems, Microsoft should consider
issuing a single, all inclusive, security patch.  Each time a new fix comes
available, update it.

John


  By Date           By Thread  

Current thread:
  • patching IE (Re: Microsoft Security Bulletin (MS00-009)) John Robert LoVerso (Feb 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]