IE is now high-risk vulnerability system to make all patchs still do not help
Beijing time November 4th, the US Computer Emergency Response Team (US-CERT) releases safety warnings, there is a serious security vulnerability in the IE browser, and intruders can utilize HTML email messages or malicious web-control target computer systems. Safety researchers said that this vulnerability is particularly high due to the release of the code already published on the public mail list.
According to the announcement released by the US computer emergency response team, when IE processing "Frame" and "E" HTML element (HTMLELEMENTS) may have buffer overflow, the new discovered IE vulnerability is using this.
Researchers said that when users use a vulnerable IE version to access the malicious web page or use Outlook, OutlookExpress, AOL, and LotusNotes, it is possible to attack when viewing HTML email, using software to view HTML emails.
Secunia Security announced that it has been confirmed that Windows XPSP1 has this vulnerability even if all patchs are installed, and the IE6.0 browser it belongs still has this vulnerability, and IE6.0 browser used on Windows2000 installed in all patches. It is not possible to survive. At present, Microsoft has not issued relevant security patches. However, there is no such loan in the system installed, which indicates that Microsoft's efforts have received a certain results.
In addition to installing Windows XPSP2, system administrators can also disable activity scripts to block access non-active links, and use plain text in email, which can also reduce partial hazard. In addition, the virus library that updates anti-virus software in time can also play a certain protection.
