MS quashes infamous Bofra bug
Print storyIFRAME fix
Posted in Anti-Virus, 2nd December 2004 11:40 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Microsoft broke with its normal patching schedule yesterday to issue a fix for the notorious IFRAME vulnerability in Internet Explorer.
Windows XP SP2 users were immune to the vulnerability, which was exploited by the Bofra worm. Surfers using Mozilla Firefox and Opera browsers were not affected. But users of older versions of IE were left in the firing line from 2 November, when the vulnerability was discovered, until Microsoft’s cumulative patch yesterday.
Microsoft describes its fix for the IFRAME (AKA HTML Elements) vulnerability as critical. Users of IE 6.0 on Windows XP SP1, Windows 2000 (SP3 and SP4) and Windows NT4 are strongly urged to apply Microsoft’s cumulative patch. Microsoft's advisory is here.
Redmond's next scheduled monthly patch update is Tuesday, 7 December. ®
Related stories
Watch out there's an IE bug about
Bofra worm sets trap for unwary
Bofra exploit hits our ad serving supplier
Bofra exploit tied to 'massive botnet'
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive