Internet Exploder Warning

[aenea]

This comes from our network admin:
There is a security breach in Internet Explorer 5.01 and 5.5 according to this page on Microsoft’s site:

Developer tools, technical documentation and coding examples

This has just been discovered. Basically, a web page can be created that contains any code that a malicious webmaster may want to execute on your machine under your user privileges. And since web pages can be embedded in e-mails, reading a message with Outlook could also potentially expose your machine (this may be the only time I’ve ever known that just reading an e-mail message without opening attachments could be harmful).

Please visit the link above and download the patch appropriate for your installation. It says that only IE 5.01 and 5.5 are affected; I’m running 5.00, but I installed the 5.01 patch anyway.

Those of you who use Netscape: try not to gloat too much; it could have happened to you, too.

[The_Mermaid]

I installed this patch yesterday.

From The Windows update site

Security Update, November 22, 2000 (Internet Explorer 5.5 Service Pack 1)

This update resolves the “Browser Print Template”, “File Upload via Form”, and “Frame Domain Verification” security vulnerabilities in Internet Explorer 5.5 Service Pack 1. Under certain conditions, a malicious Web site operator can use Print Templates or Web forms to run code or view files on a visiting user’s computer. Download now to prevent a malicious Web site operator from reading files or taking other unauthorized action on your computer.

This update eliminates the “Browser Print Template” vulnerability by ensuring that Web sites cannot execute Print Templates without user permission. The “File Upload via Form” vulnerability is eliminated by preventing Web forms from uploading files through specific HTML coding. In addition, this update eliminates the new variant of the “Frame Domain Verification” vulnerability by ensuring that all known Web page functions perform appropriate domain checking before granting access to any data.

For more information about these vulnerabilities, please see Microsoft Security Bulletin MS00-093. (This site is in English.)

System Requirements

This update applies to computers that are running Internet Explorer 5.5 Service Pack 1.

There is a “Critical Updates Notification” patch available that notifies you automatically as critical updates become available. This is how I became aware of it.