[LINK] Flaw found that affects every Windows machine
Bernard Robertson-Dunn
brd at iimetro.com.au
Mon Jan 31 10:21:38 AEDT 2011
<brd>
Looks as though Microsoft's workers haven't achieved Mr Gates' vision
yet. They've only had five years, after all.
Gates Shares Microsoft’s Vision for a More Secure Future
Microsoft chairman outlines priorities and urges the industry to partner
to build trust among computer users.
http://www.microsoft.com/presspass/press/2006/feb06/02-14rsa06keynotepr.mspx
SAN JOSE, Calif. — Feb. 14, 2006 — In his keynote address at the RSA
Conference 2006, Microsoft Corp. Chairman and Chief Software Architect
Bill Gates shared Microsoft’s immediate and future plans to achieve a
more secure digital future, where interconnected networks worldwide
allow people to work and play across a multitude of devices, products,
services and organizations, with greater confidence in the security of
their experiences.
</brd>
Flaw found that affects every Windows machine
By Liam Tung
Jan 31, 2011 6:29 AM
iTnews
http://www.itnews.com.au/News/246535,flaw-found-that-affects-every-windows-machine.aspx
No server-side workaround yet.
Microsoft on Friday warned that all Windows desktops and servers were
vulnerable to a script-handling flaw that could allow an attacker to
spoof information displayed in a browser.
The disclosure was made in response to the publishing of a
proof-of-concept distributed on the internet which uncovered problems in
the way Windows handles MIME-formatted requests.
Maliciously-crafted script that runs on the client side could “spoof
content, disclose information, or take any action that the user could
take on the affected Web site on behalf of the targeted user,” Microsoft
warned.
“The impact is the same as a server-side cross-site scripting issue, but
the vulnerability lies in the client,” Microsoft explained.
All Windows-run web services that interact with users via input fields
are vulnerable, according to Microsoft.
While Redmond has identified a relatively simple client-side
work-around, the temporary fix for servers is more complicated,
prompting Microsoft to call in Google and other service providers to
help solve the problem.
Without a patch or a server side work-around, Microsoft advised web site
operators to tell customers to lock down the MHTML protocol handler.
More information can be found here.
--
Regards
brd
Bernard Robertson-Dunn
Canberra Australia
email: brd at iimetro.com.au
website: www.drbrd.com