Internet Explorer Flaw Still Under Investigation -- Redmond Channel Partner

Internet Explorer Flaw Still Under Investigation

By Scott Bekker
July 11, 2005

UPDATE -- The July patches are posted as of 1:40 p.m. Eastern time July 12. The fix for this flaw IS included. Click here for the story.

Microsoft continues to investigate a vulnerable component in Internet Explorer for which it posted a kill bit last week, but it is unlikely the software giant will include the fix as part of its monthly patching event on Tuesday.

In the worst case, the flaw can allow an attacker to take complete control of a victim's computer over the Internet. While no reports of attacks using the vulnerability have been reported to Microsoft, details of the flaw are public, creating a dangerous situation.

The flaw involves a COM object called the JVIEW Profiler (Javaprxy.dll), an optional component in the browser that provides an interface to a debugger in the Microsoft Java Virtual Machine. The JVIEW Profiler is not included by default in several versions of Internet Explorer, but it can be installed by applications with the Microsoft Java Virtual Machine or during an operating system upgrade.

After acknowledging the vulnerability in a security advisory on June 30, Microsoft completed an initial investigation and recommended disabling Javaprxy.dll. Last week Microsoft posted several downloads of kill bits to disable the component. The executable kill bit gives users a way to make the necessary change without trying to edit the Registry, where minor mistakes can have disastrous consequences for a system.

In the version of its security advisory with links to the downloads, Microsoft promised a complete fix for the issue will be released in an upcoming security bulletin. The advisory underscored the severity of the issue by raising the possibility that the bulletin could be released between monthly patch release dates.

The next monthly patch release date is Tuesday. Microsoft notified customers late last week that three bulletins were coming -- two for Windows and one for Office. While Microsoft could turn around and issue a bulletin for Internet Explorer on Tuesday, as well, the fact that Internet Explorer wasn't mentioned in the advance notification makes that unlikely. Microsoft's next monthly patching date falls on Aug. 9.

The Microsoft security advisory about the JVIEW Profiler is available at www.microsoft.com/technet/security/advisory/903144.mspx.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

Organizations that want to extend the life of their Windows 10 PCs can begin buying extension plans from Microsoft's Cloud Solution Provider (CSP) partners on Sept. 1.
2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft is readying a new "Windows endpoint security platform" as part of its Windows Resiliency Initiative (WRI).
Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

Forrester has singled out Microsoft as the leading cloud hyperscaler in the increasingly AI-driven field of enterprise security analytics.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Internet Explorer Flaw Still Under Investigation

Featured

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

TCS Expands Microsoft Integration To Drive AI, Cloud Adoption

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

AvePoint Boosts 'Elements' Suite with New Tools for Security MSPs

Channel Veteran Dan Wensley Named GTIA CEO

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

TCS Expands Microsoft Integration To Drive AI, Cloud Adoption

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

AvePoint Boosts 'Elements' Suite with New Tools for Security MSPs

Channel Veteran Dan Wensley Named GTIA CEO

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Seamless Transitions: Migrating Your VMware Workloads to Azure

Azure Virtual Desktop: The Smart Choice for Remote Work Success

Veeam Data Cloud for Microsoft 365

Mastering Cost Management in Azure

FREE WHITE PAPERS FROM OUR SPONSORS

The Easy Button eBook: Simplicity of SaaS-Based Backup for Microsoft 365

Unlock the benefits of Microsoft Azure partnership

How Retailers Can Overcome 7 Common Tax Compliance Challenges

Tax Challenges Affecting the Manufacturing Industry