12 Jul 2000
Microsoft has finally admitted that Internet Explorer can crash internet-connected systems.
The company has released a patch to fix the bug, which is inside the software's Active Setup Download technology - a feature designed to speed download times. The bug leaves web-connected computers vulnerable to hackers and viruses, and could help to crash networks by overwriting files.
The flaw is indicative of broader security concerns, as PC users download files from insecure websites without scanning them for viruses or other security threats.
Active Setup treats all Microsoft-based files as trusted, and therefore downloadable without going through any permissioning processes. A malicious programmer could theoretically access Microsoft-signed files from a Microsoft website and include these trusted files in a download.
Files would then pass through Active Setup without alerting computer users and be sent to a specific file path, overwriting existing files and causing a system crash.
In a statement issued with the patch, Microsoft said: "The point of the attack would not necessarily be to try to install the update, it would be simply to overwrite a file on the user's disk. For instance, if malicious website operators overwrote a crucial file on the disk, they could render the machine inoperable."
The bug does not allow access to information stored on the computer or do anything but crash the system, according to the company.
Microsoft's patch updates the Active Setup feature to treat Microsoft files like those from all other sources, asking for users' approval before downloading.
Matthew Bevan, former hacker and now boss of Tiger Security, said: "Problems like this happen because Microsoft is always trying to add features to its products without fixing problems that are already there. It is under constant pressure from makers of other browsers. You can be sure that this is not the last problem with Internet Explorer."
Bevan predicted that, as more malicious attacks happen and more viruses are created, older technologies will find it harder to keep up.
First published in Network News
Have your say on this article
Newsletters
Latest stories from Hacking
Latest videos
You may also like
Hacking jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
