Technology Briefs

IE security hole gets patched

Microsoft has issued a patch for an Internet Explorer bug that it said could overwrite files and eventually crash computers. The vulnerability in the browser's Active Setup Download feature could enable malicious hackers or Web site operators to launch denial-of-service attacks, Microsoft said in a bulletin that accompanies the patch. The Active Setup control detects which files are needed by users who are updating software and then downloads the relevant ones. It's supposed to check to see whether the files are digitally signed before downloading them and warn users if files aren't signed or are signed by someone who doesn't have proper authorisation, according to Microsoft. But the mechanism has two flaws, Microsoft said. First, Microsoft-signed files are treated as trusted content, which means Internet Explorer will download them without asking for a user's approval. In addition, the control allows download locations to be specified on a user's hard drive, which Microsoft said could give malicious attackers a tool for overwriting system files and rendering machines unusable. However, Microsoft added that attackers couldn't modify files or cause other damage to a computer other than crashing the system. The flaw affects Versions 4, 4.01, 5 and 5.01 of Internet Explorer, the company management for MS Commerce ServerMicrosoft and Interwoven, provider of enterprise-class content-management software, have announced the beta release of Content Express, designed to enable business users to create and manage content for e-commerce solutions using Microsoft Commerce Server 2000 and Windows DNA 2000. Business users can enter and modify content on the fly and enables companies to perform whole site versioning and rollback., server optimised for clusteringInformix has announced its flagship server Dynamic Server 2000 has been certified for Unixware 7 NonStop Clusters. The Informix and SCO solution runs on Compaq ProLiant,

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about CompaqInformixInterwovenMicrosoft

Show Comments