Security research firm eEye Digital Security has warned Microsoft customers that a recent patch, MS06-042, has opened a new, remotely exploitable hole in the operating system, even while it patched other holes in the Internet Explorer web browser.
Microsoft has posted an updated Security Advisory that says the company is investigating buffer overrun complaints and names "Long URLs to sites using HTTP 1.1 and compression" as the source of the problem.
"An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system," Microsoft said in its advisory. "We are not aware of attacks that try to use the reported vulnerability."
Companies that have applied the MS06-042 patch to fix a host of IE vulnerabilities can work around the crash problem by disabling HTTP 1.1 support on IE 6, according to Microsoft. To do this:
1. On the Tools menu, click Internet Options, and then click the Advanced tab.
2. In the Settings box, click to clear the Use HTTP 1.1 check box under HTTP 1.1 settings, and then click OK.
Copyright @ 2004 Software & Support Media