[LINK] Flaw found that affects every Windows machine

Bernard Robertson-Dunn brd at iimetro.com.au
Mon Jan 31 10:21:38 AEDT 2011


<brd>
Looks as though Microsoft's workers haven't achieved Mr Gates' vision 
yet. They've only had five years, after all.

Gates Shares Microsoft’s Vision for a More Secure Future
Microsoft chairman outlines priorities and urges the industry to partner 
to build trust among computer users.
http://www.microsoft.com/presspass/press/2006/feb06/02-14rsa06keynotepr.mspx

SAN JOSE, Calif. — Feb. 14, 2006 — In his keynote address at the RSA 
Conference 2006, Microsoft Corp. Chairman and Chief Software Architect 
Bill Gates shared Microsoft’s immediate and future plans to achieve a 
more secure digital future, where interconnected networks worldwide 
allow people to work and play across a multitude of devices, products, 
services and organizations, with greater confidence in the security of 
their experiences.
</brd>

Flaw found that affects every Windows machine
By Liam Tung
Jan 31, 2011 6:29 AM
iTnews
http://www.itnews.com.au/News/246535,flaw-found-that-affects-every-windows-machine.aspx

No server-side workaround yet.

Microsoft on Friday warned that all Windows desktops and servers were 
vulnerable to a script-handling flaw that could allow an attacker to 
spoof information displayed in a browser.

The disclosure was made in response to the publishing of a 
proof-of-concept distributed on the internet which uncovered problems in 
the way Windows handles MIME-formatted requests.

Maliciously-crafted script that runs on the client side could “spoof 
content, disclose information, or take any action that the user could 
take on the affected Web site on behalf of the targeted user,” Microsoft 
warned.

“The impact is the same as a server-side cross-site scripting issue, but 
the vulnerability lies in the client,” Microsoft explained.

All Windows-run web services that interact with users via input fields 
are vulnerable, according to Microsoft.

While Redmond has identified a relatively simple client-side 
work-around, the temporary fix for servers is more complicated, 
prompting Microsoft to call in Google and other service providers to 
help solve the problem.

Without a patch or a server side work-around, Microsoft advised web site 
operators to tell customers to lock down the MHTML protocol handler.

More information can be found here.

-- 

Regards
brd

Bernard Robertson-Dunn
Canberra Australia
email:	 brd at iimetro.com.au
website: www.drbrd.com



