Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Microsoft slates June update to block IE8 abuse.

21 Apr 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Microsoft slates June update to block IE8 abuse.

Quote:
Microsoft plans to update Internet Explorer 8 (IE8) in June to stymie attacks that could turn the browser's cross-site scripting filter against Web sites, the company's security team said yesterday.

Microsoft's move was prompted by a presentation last week at Black Hat Europe, where researchers Eduardo Vela Nava and David Lindsay showed how IE8's cross-site scripting filter -- an anti-malware feature that debuted in a beta of the browser last year -- could be used by hackers to launch attacks against sites that would normally be immune. Among the sites that could be abused: Microsoft's own Bing search engine, Digg, Google, Twitter, Wikipedia and "many many more," they said.

IE8 uses what Vela Nava and Lindsay called a "neutering" technique to quash attempted cross-site scripting attacks. The problem is that attackers can manipulate the mechanism for their own purposes. "An attacker may exploit this behavior in order to prevent client-side security functionality from working," said the pair in a paper they published along with their Black Hat presentation (download PDF). "[And] in certain cases [this] can lead to XSS that wouldn't otherwise be possible."
Source -
Microsoft slates June update to block IE8 abuse - Computerworld


My System SpecsSystem Spec
.

Reply

 Microsoft slates June update to block IE8 abuse.




Thread Tools





Similar help and support threads
Thread Forum
Microsoft slates critical IE, Windows patches for Tuesday
One month left for businesses to migrate from Windows 8.1 to Windows 8.1 Update Source A Guy
Security News
Microsoft's Ballmer: Windows 7 slates are coming this year
Full Article: Microsoft's Ballmer: Windows 7 slates are coming this year | ZDNet Really? Do we need a "Winpad"?
News
Microsoft adCenter Terms and Conditions Update on June 21
Microsoft and Yahoo are making headway with their anti-Google search and online advertising partnership. Having received the go-ahead from antitrust authorities, the duo is currently working to finalize the Bing and Yahoo marriage for customers in the United States and Canada by the end of...
News
Microsoft slates 25-patch Windows update for next week
More at: Microsoft slates 25-patch Windows update for next week - Computerworld
News
Microsoft slates six fixes for decade’s final Patch Tue
Microsoft on December 8 expects to push out six patches to address 12 vulnerabilities as part of its monthly security update, the company announced. The fixes — three are rated “critical,” the rest are labeled “important — will address bugs in Windows, Internet Explorer (IE) and Microsoft...
System Security
Microsoft slates Windows 7 public beta for early 2009
Microsoft slates Windows 7 public beta for early 2009 - NYTimes.com Microsoft slates Windows 7 public beta for early 2009 Microsoft Tuesday said that it would expand testing of Windows 7 to the general public in early 2009. As it told attendees at the Professional Developers Conference...
News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 02:52.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App