Microsoft releases patch to plug IE vulnerability

• From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
• To: nethappenings@xxxxxxxxxxxxx
• Date: Thu, 02 Dec 2004 12:00:05 -0500

**************************************************************
Educational CyberPlayGround Community 
http://www.edu-cyberpg.com/

NetHappenings Mailing List ©1993
-- Subscribe - Unsubscribe - Set Preferences
http://www.edu-cyberpg.com/Community/NetHappenings.html

Advertise on Nethappenings the oldest K12 Mailing List 
http://www.edu-cyberpg.com/Community/Subguidelines.html

All Mailing Lists
http://www.edu-cyberpg.com/Community/index.html
**************************************************************



*********************************************************************
THE HOTLIST IS A MASTER REGISTRY OF K-12 SCHOOLS
The registry is organized by state and by grade level.
The registry also includes sites for charter Schools, virtual schools,
school districts, state and regional education organizations, state
departments of education, state standards and state administrators.
REGISTER YOUR SCHOOL NOW:
http://www.edu-cyberpg.com/Schools/default.asp
*********************************************************************

<http://www.computerworld.com/securitytopics/security/story/0,10801,97957,00
.html>

By Jaikumar Vijayan
DECEMBER 01, 2004
COMPUTERWORLD

As expected, Microsoft Corp. today released an out-of-cycle security
bulletin and patch designed to fix a critical hole in the Internet
Explorer Web browser that is already being widely exploited by
attackers.

The company also announced a change to Windows Update for three
previously issued fixes from October for some users of Windows XP
Service Pack 1.

The vulnerability addressed by Microsoft's latest bulletin, MS04-040,
was first disclosed on Oct. 24 and exists in the iFrame tags of
Internet Explorer. The buffer overflow flaw allows attackers to take
complete control of a compromised system and can be exploited by
getting users to visit Web sites where malicious code can be
downloaded.

A proof-of-concept exploit named Bofra that takes advantage of the
iFrame flaw has been available for several days and was used in
launching attacks via banner ads last week that redirected users to
rogue Web sites.

snip


<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND 
http://www.edu-cyberpg.com

Net Happenings, K12 Newsletters, Network Newsletters
http://www.edu-cyberpg.com/Community/index.html

FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/default.asp

HOT LIST OF SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/default.asp

Educational CyberPlayGround Services
http://www.edu-cyberpg.com/PS/Home_Products.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription