Download This Special Report

Sunday, March 26, 2006

Computer Consulting: Microsoft Finds Yet Another Bug in New Explorer

Last Wednesday, Microsoft Corporation found the second bug in only two days in its new version of the Internet Explorer (IE) program. The company this time promised to patch the zero-day bug as soon as possible.

According to both vulnerability tracker Secunia and Symantec reported that the problem was the result of an error in IE’s processing of the JavaScript method call “createTextRange ().” Hackers that used the bug to their advantage could get IE to remotely run bad code or crash the user’s browser entirely.

Lead security program manager at the Microsoft Security Response (MSRC) Center blog Lennart Wistrand said that the issue has been confirmed and the proper authorities have been advised and are in the process of creating a solution. On Tuesday, the MSRC confirmed that another bug in Internet Explorer could crash the browser and might be able to harm computers.

The latest bug could allow hackers to design a malicious website that contains the “creatTextRange()” JavaScript and draw users to this faulty site. People visiting the site, even briefly, would have no idea their system security was being compromised. This new vulnerability has been labeled “highly critical,” the second most severe label.

Even though IE 7 and the January version of the IE7 Beta 2 Preview are at risk to be attacked by this new bug, Wistrand stated that the version of the IE 7 preview released on March 20th is not susceptible. Source TechWeb asserted that the IE 7 Beta 2 Preview is completely safe and has been tested using the proof-of-concept code, publicly available to users.

Microsoft assures users that IE7 is much more secure than earlier versions of the program. Gary Schare, director of product management at Microsoft specifically for IE said that the latest version of the program would stop illegal copies from being downloaded. Still, scripting issues have been a problem for the IE program for over two years, and the flaw discovered in November 2005 was actually used by many spyware sites to install malicious software on PC’s.

Microsoft recommends that users disable JavaScript until a patch for the recent problems is available.

Added By: Computer Consulting Kit