Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: * Microsoft Patch for IFRAME vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
* Microsoft Patch for IFRAME vulnerability
Microsoft Patch for IFRAME vulnerability

Looks like our (worldwide) requests touched Microsoft feelings...
Today Microsoft released a patch for the IFRAME Vulnerability, released on November 2nd.

Ok, it is late, but still worthwhile!

As Microsoft says in the Microsoft Security Bulletin MS04-040, "Recommendation: Customers should install the update immediately.".

We didnt test it yet, but we strongly advise you to test and apply as soon as possible.

Remember the recent incident with The Register and Iframe exploit? ( ). This can happen again with whatever other website, and in fact, we are still receiving reports of possible websites spreading the exploit. So, despite of the unofficial patches, for sale or even free, now you have a chance to protect yourself if you are still using IE, with an official patch released by Microsoft.



Handler on Duty: Pedro Bueno (pbueno /AT/

155 Posts
ISC Handler
Dec 1st 2004

Sign Up for Free or Log In to start participating in the conversation!