Bugtraq mailing list archives
patching IE (Re: Microsoft Security Bulletin (MS00-009))
From: john () LOVERSO SOUTHBOROUGH MA US (John Robert LoVerso)
Date: Thu, 17 Feb 2000 10:49:09 -0500
Subject: Microsoft Security Bulletin (MS00-009) Patch Available for "Image Source Redirect" Vulnerability Originally Posted: February 16, 2000
Given the large number of JavaScript-related security issues regarding the various versions of IE (4.0, 4.01, 4.01 SP1, 4.01 SP2, 5.0, 5.01), I'm surprised that no one has mentioned the fact that Microsoft has made it nearly impossible to secure IE. Why? Because fixes aren't quickly wrapped back into the distribution, nor is there a fast path to getting all the appropriate fixes installed. Download and install the latest release of IE (5.01). Are you safe? No. You first need several crucial scripting patches. After all, JavaScript defaults to "on" and IE defaults to scripting bugs. But, which patches? Click on "Tools->Windows Update"? That doesn't show the latest updates. Somehow know to go to the IE security page at http://www.microsoft.com/windows/ie/security/default.asp? Except, that doesn't make it clear _which_ patches you need. You have to individually go to each link; some will tell you if they apply, others will just let you download the patch. Given the ongoing nature of scripting problems, Microsoft should consider issuing a single, all inclusive, security patch. Each time a new fix comes available, update it. John
Current thread:
- patching IE (Re: Microsoft Security Bulletin (MS00-009)) John Robert LoVerso (Feb 17)
