 |
|
 | technology > computing |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo}
( | |
 |
|
| |
| |
EDITIONS: | |
MULTIMEDIA: | |
E-MAIL: |
Subscribe to one of our news e-mail lists. Enter your address: |
DISCUSSION: |
CNN WEB SITES: |
 |
TIME INC. SITES: |
CNN NETWORKS: |
|
SITE INFO: |
WEB SERVICES: |
Microsoft issues Internet Explorer security patch
|
(IDG) -- On the eve of the release of its much-delayed Windows 2000, Microsoft Wednesday issued a patch for a security vulnerability in the Internet browser which is bundled with the new operating system.
 | MESSAGE BOARD | |
|
| ||
The bug, which Microsoft calls the Image Source Redirect vulnerability, makes it possible for a malicious Web site operator to read certain types of files on the computers of visitors using Internet Explorer (IE) versions 4.0, 4.01, 5.0 and 5.01.
| MORE COMPUTING INTELLIGENCE |
IDG.net home page
|
| W2K Day: Let the buying begin |
| Download free software fast |
| EU opens inquiry into Win2K |
| Making the move to Windows 2000 |
| Reviews & in-depth info at IDG.net |
| E-BusinessWorld |
| IDG.net's Windows software page |
| Questions about computers? Let IDG.net's editors help you |
| Subscribe to IDG.net's free daily newsletters |
|
Search IDG.net in 12 languages |
| News Radio |
Fusion audio primers
|
|
Computerworld Minute
|
This means that the iteration of IE which is distributed with Windows 2000, version 5, also is affected by the bug.
When a Web server sends a new page to an IE browser window which comes from a different domain to the one currently being viewed, IE checks the server's permissions on the new page. The vulnerability makes it possible for a Web server to open a browser window to a file stored on the IE user's computer, and then switch to a page in the server's domain, gaining access to the contents of the user's files in the process, Microsoft said in a statement.
Any data which can be seen is only accessible for a short period of time, and the Web site operator would need to know, or guess, the names and locations of files. The operator would also only be able to view file types that can be opened in a browser window, including .txt files, Microsoft said.
Microsoft also came under fire yesterday for a leaked internal memo claiming the operating system has over 63,000 bugs in it.
More information about the vulnerability, including patches, can be found here.
RELATED STORIES:
Another IE 5 security flaw found
October 15, 1999
Microsoft posts IE5 bug fix
October 12, 1999
Zona declares Microsoft winner in browser war
November 10, 1999
Gates officially unveils Windows 2000
February 17, 2000
RELATED IDG.net STORIES:
W2K Day: Let the buying begin
(PC World)
IDC: Windows 2000 a winner for MS
(IDG.net)
Microsoft refutes reports of 63,000 bugs in Windows 2000
(Computerworld)
Windows 2000 launch: Moment of truth arrives
(InfoWorld.com)
EU opens inquiry into Windows 2000
(IDG.net)
Dell says Windows 2000 is ready to roll
(IDG.net)
Windows 2000 only a first step for Microsoft
(Network World)
Making the move to Windows 2000
(InfoWorld.com)
RELATED SITES:
Microsoft
Microsoft's Windows 2000
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.