Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: * Microsoft Patch for IFRAME vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
* Microsoft Patch for IFRAME vulnerability
Microsoft Patch for IFRAME vulnerability

Looks like our (worldwide) requests touched Microsoft feelings...
Today Microsoft released a patch for the IFRAME Vulnerability, released on November 2nd.

Ok, it is late, but still worthwhile!

As Microsoft says in the Microsoft Security Bulletin MS04-040, "Recommendation: Customers should install the update immediately.".

We didnt test it yet, but we strongly advise you to test and apply as soon as possible.



Remember the recent incident with The Register and Iframe exploit? (http://isc.sans.org/diary.php?date=2004-11-22 ). This can happen again with whatever other website, and in fact, we are still receiving reports of possible websites spreading the exploit. So, despite of the unofficial patches, for sale or even free, now you have a chance to protect yourself if you are still using IE, with an official patch released by Microsoft.

References: http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
and http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1050


----------------------------------------------------------

Handler on Duty: Pedro Bueno (pbueno /AT/ isc.sans.org)
Pedro

155 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!