MrMario
Manager
Microsoft will plug a hole in a built-in filter in Internet Explorer 8 that can be used to launch the very types of attacks on Web sites it was designed to help prevent, the company said on yestorday. | The company will update the IE cross-site scripting (XSS) filter in June to fix a hole that researchers warned about at the Black Hat Europe conference in Barcelona last week. The researchers showed how problems with the filter could be used to inject malicious code onto sites including Google, Microsoft's Bing search site, and Twitter.Microsoft spokesperson said. This will be Microsoft's third attempt to fix security issues with the XSS Filter in IE8. "The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002)," David Ross wrote on the Microsoft Security Response Center blog. That was followed by a critical update in March. (MS10-018) The update scheduled for June "will address a script tag attack scenario described in the Blackhat EU presentation," Ross wrote.
|
No Comment.