21 Apr 2010
Microsoft slates June update to block IE8 abuse.
Microsoft plans to update Internet Explorer 8 (IE8) in June to stymie attacks that could turn the browser's cross-site scripting filter against Web sites, the company's security team said yesterday.
Microsoft's move was prompted by a presentation last week at Black Hat Europe, where researchers Eduardo Vela Nava and David Lindsay showed how IE8's cross-site scripting filter -- an anti-malware feature that debuted in a beta of the browser last year -- could be used by hackers to launch attacks against sites that would normally be immune. Among the sites that could be abused: Microsoft's own Bing search engine, Digg, Google, Twitter, Wikipedia and "many many more," they said.
IE8 uses what Vela Nava and Lindsay called a "neutering" technique to quash attempted cross-site scripting attacks. The problem is that attackers can manipulate the mechanism for their own purposes. "An attacker may exploit this behavior in order to prevent client-side security functionality from working," said the pair in a paper they published along with their Black Hat presentation (download PDF). "[And] in certain cases [this] can lead to XSS that wouldn't otherwise be possible."
Microsoft slates June update to block IE8 abuse - Computerworld