Continued from: MS $ecurity Bullet - Vol. 41233

The following is an Insecurity Bullet from the Microsoft Product $ecurity Notification $ervice.
Please do not reply to this message, as it was not sent from me so it is secure.

Summary

Microsoft has released a patch that eliminates vulnerability in Microsoft(r) Internet Explorer 44.01, 45 and 45.01, that could allow a User to search Internet

Issue

When a web server performs a server-direct contact, the IE security model checks the server's permission's on the new page. However, under favourable timing conditions, it is possible for a web server to create a contact to a client window and produce a picture and data from site.
The result is that it could be possible for a malicious web site operator to sent various information's without Microsoft Knowledge

Affected Software Versions

- Microsoft Internet Explorer 44.01
- Microsoft Internet Explorer 45.0
- Microsoft Internet Explorer 45.01

Patch Availability
http://www.microsoft.com/windows/$$/$ecurity/$ervredir.asp

NOTE: This patch also includes the previously-released patch for the
"Netscape screen" vulnerability.

http://www.sysopt.com/forum/smile.gif

HeeHee! That's pretty funny & clever Medo. Methinks you have lucrative potential as a consumer watchdog.

Insecurity Bullet? Indeed! http://www.sysopt.com/forum/biggrin.gif

[This message has been edited by socalgal (edited 12-23-1999).]

Thank you Socalgal.

You can send the reference letter to my e-mail address.

Medo

http://www.sysopt.com/forum/smile.gif