Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-12-01 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

* Microsoft Patch for IFRAME vulnerability

Published: 2004-12-01
Last Updated: 2004-12-01 23:29:10 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
Microsoft Patch for IFRAME vulnerability

Looks like our (worldwide) requests touched Microsoft feelings...
Today Microsoft released a patch for the IFRAME Vulnerability, released on November 2nd.

Ok, it is late, but still worthwhile!

As Microsoft says in the Microsoft Security Bulletin MS04-040, "Recommendation: Customers should install the update immediately.".

We didnt test it yet, but we strongly advise you to test and apply as soon as possible.



Remember the recent incident with The Register and Iframe exploit? (http://isc.sans.org/diary.php?date=2004-11-22 ). This can happen again with whatever other website, and in fact, we are still receiving reports of possible websites spreading the exploit. So, despite of the unofficial patches, for sale or even free, now you have a chance to protect yourself if you are still using IE, with an official patch released by Microsoft.

References: http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
and http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1050


----------------------------------------------------------

Handler on Duty: Pedro Bueno (pbueno /AT/ isc.sans.org)
Keywords:
0 comment(s)
Diary Archives