News

Two Critical Vulnerabilities in IE

Two critical vulnerabilities in Internet Explorer 5.01, 5.5 and 6.0 could allow code execution. Microsoft released a cumulative patch on Wednesday for Internet Explorer that fixes the flaws.

Like many flaws in IE, the newly patched bugs would require an attacker to send a specially malformed HTML e-mail or lure a user to a malformed Web page. Code execution under the flaws only runs under the privilege of the user.

The first flaw is a buffer overrun vulnerability that results because IE does not properly determine an object type returned by a server, Microsoft says. The second flaw exists because IE fails to put an appropriate block on a file download dialog box.

The patch requires a reboot, and it can be uninstalled. It can be found here:
www.microsoft.com/technet/security/bulletin/MS03-020.asp.

While the flaw can affect IE 6.0 in Windows Server 2003, a new default security setting called Enhanced Security Configuration effectively blocks the flaw unless an administrator has chosen to disable it.

Among other things, Enhanced Security Configuration sets the security level for the Internet zone to high, disables automatic detection of intranet sites, disables install on demand and non-Microsoft browser extensions and disables multimedia content.

Users who have set up Windows Server 2003 in Terminal Services mode are the major user group most likely to have disabled Enhanced Security Configuration. In a Terminal Services environment, Enhanced Security Configuration must be disabled to allow users to use IE in unrestricted mode.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.