Microsoft releases updated IE security patch
- — 28 September, 1999 21:49
Microsoft has released a patch for Internet Explorer that promises to completely eliminate security problems which existed with the browser software.
An initial patch announcement was made on September 10, but the patch available as of late last week is more far-reaching, Microsoft said in a statement posted on its security Web site.
The security holes in Internet Explorer were discovered earlier this month.
The patch eliminates the "ImportExportFavorites" vulnerability, which affected computers connected to the Internet, Microsoft said. The security hole made it possible for a Web site operator to carry out any functions that visitors to a Web site could do on their own computers, such as deleting or modifying files or reformatting the hard drive. It derived from a feature in IE 5 which let users export a list of their favourite Web site to a file, or import a file with a list of favourite Web sites.
The new patch also plugs security holes which resulted from several ActiveX controls, Microsoft said. These existed both in versions 4.01 and 5 of the Internet Explorer. The ActiveX weakness allowed hackers to manipulate programs on a user's computer when they visited a Web page or received e-mail via Microsoft's Outlook program. An ActiveX control is software which is shipped with Internet Explorer that enables a program to add user interface functions.
Further information can be found at the Microsoft security Web site at http://www.microsoft.com/security/default.asp