http://tlgarchive.forumotion.com/profile.forum?mode=viewprofile&u=-1Guest

We're Moving. So, we've disabled new registrations on this forum. The forum will not officially be released until 8 PM Pacific Standard Time (Friday, Sept, 9th, 2010)~ http://www.ego-one.net/

View previous topic View next topic Go down  Message [Page 1 of 1]

avatar

MrMario
Manager
Microsoft will plug a hole in a built-in filter in Internet Explorer 8 that can be used to launch the very types of attacks on Web sites it was designed to help prevent, the company said on yestorday.
The company will update the IE cross-site scripting (XSS) filter in June to fix a hole that researchers warned about at the Black Hat Europe conference in Barcelona last week. The researchers showed how problems with the filter could be used to inject malicious code onto sites including Google, Microsoft's Bing search site, and Twitter.

"A June release is what's usual for the testing involved for updates,"
Microsoft spokesperson said.

This will be Microsoft's third attempt to fix security issues with the XSS Filter in IE8.

"The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002)," David Ross wrote on the Microsoft Security Response Center blog.

That was followed by a critical update in March. (MS10-018)

The update scheduled for June "will address a script tag attack scenario described in the Blackhat EU presentation," Ross wrote.

"In the case of the Internet Explorer XSS Filter, researchers found scenarios that are generally applicable across XSS filtering technologies in all currently shipping browsers with this technology built-in."




No Comment.

View previous topic View next topic Back to top  Message [Page 1 of 1]

Permissions in this forum:
You cannot reply to topics in this forum




Site powered by Forumotion
Copyright 2006-2013 | JalokimGraphics | Ego-One
<!-- <script type="text/javascript"> var vglnk = { key: '0d80ae9fe71cec9484f682bd59232f9e' }; (function(d, t) { var s = d.createElement(t); s.type = 'text/javascript'; s.async = true; s.src = '//cdn.viglink.com/api/vglnk.js'; var r = d.getElementsByTagName(t)[0]; r.parentNode.insertBefore(s, r); }(document, 'script')); </script><script type="text/javascript"> document.write('<scr' + 'ipt data-cfasync="false" type="text/javascript" src="https://www.adexchangeguru.com/a/display.php?r=1242764"></scr' + 'ipt>'); </script> <script type="text/javascript"> window._taboola = window._taboola || []; _taboola.push({flush: true}); </script></body></html><strong><a href="http://www.freeforum-hosting.com" target="_blank">Free forum hosting</a></strong>&nbsp;|&nbsp;<span class="gensmall">&copy;</span> <a href="https://www.forumotion.com/punbb" target="_blank">PunBB</a>&nbsp;|&nbsp;<a name="bottom" href="http://help.forumotion.com/" target="_blank">Free forum support</a>&nbsp;|&nbsp;<a href="/abuse?page=%2Ft1278-microsoft-to-fix-ie8-cross-site-scripting-problem-again&amp;report=1" rel="nofollow">Report an abuse</a>&nbsp;|&nbsp;<strong><a href="https://www.forumotion.com" target="_blank">Forumotion.com</a></strong>Derp