Tuesday, December 06, 2005

Trojans target unpatched IE flaw

Two exploits that use the recently disclosed vulnerability were reported by antivirus company Sophos on Friday. Called Clunky-B and Delf-LT, the exploits could allow malicious code to be executed remotely on a user's PC.

Microsoft issued an advisory last week, on "the way Internet Explorer handles mismatched document object model objects". Systems running Microsoft Internet Explorer on Windows XP Service Packs 1 and 2 are vulnerable to attack. Machines running Windows 98, Windows 98 SE, Windows Me and Windows 2000 Service Pack 4 are also vulnerable to the exploits.

Microsoft is not due to issue another round of security patches until 13 December. Some security experts have suggested the company should roll out an unscheduled patch before this time to address this flaw. However, it's not clear whether the flaw will even be addressed in the next Microsoft security bulletin.

Details of the next Microsoft security bulletin will be available here from 8 December.

Technorati Tags: , , , , ,


Post a Comment

Links to this post:

Create a Link

<< Home