Feeds

MS moves slowly to patch latest IE5.5 hole

Don't think it thinks it's that big a deal

  • alert
  • submit to reddit

The next step in data security

Microsoft says that it is just "days" away from a patch for the latest hole in Internet Explorer 5.5 exposed by Bulgarian security man, George Guninski.

Guninski has a penchant for uncovering flaws in the browser the vast majority of his finds being IE related. This latest find is his 23rd this year.

It exploits a MS software function that can be used to create new Active-X objects, which can then be run - irrespective of whether they have been digitally signed by Microsoft as safe to run, explains Deri Jones, security services manager at NTA Monitor.

Active-X is an applet technology from Microsoft with very little security designed into it. It has some "bolted on" but this, says Jones, is not always a good solution.

The problem with having a browser that will run non-approved applets is that anything can find its way onto a system, causing a certain amount of trouble.

Guninski has a 24 hour notice period policy - that is to say he will give Microsoft a day to respond to the security flaw before he goes public with it. Microsoft says that this is not enough time.

A spokesman for the company said: "Typically these patches take between two and six weeks to design and test thoroughly. It would be irresponsible to release a work around that could cause more problems than it solved."

He also said that often a security hole is so unlikely to be an issue for most users that the company may chose to ignore it. "Sometime the combination of events leading to a flaw is so unusual, we don't bother fixing it," he told us. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Bono: Apple will sort out monetising music where the labels failed
Remastered so hard it would be difficult or impossible to master it again
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.