Microsoft security has been bypassed again, according to a security researcher who claims to have found an unpatched hole in - yes - Internet Explorer that allows a remote attacker to download malicious content onto vulnerable systems.
Microsoft, however, has refuted the claims and said the feature in question is working as designed. "Microsoft is disappointed that an independent security researcher has posted a false claim on several newsgroups alleging that the automatic blocking feature of Internet Explorer in Windows XP SP2 fails to function properly. These postings are inaccurate and misleading to customers," the company said in a statement.
The hole was identified on the Bugtraq Internet security discussion list by Rafel Ivgi, a security consultant for Finjan Software and a regular hole-discoverer who goes by the name of The Insider. The hole affects Explorer version 6, including the version released with Windows XP Service Pack 2. By means of a specially crafted HTML Web document, it allows malicious attackers to bypass the warnings designed to inform users when a file is being passed to their computer.
But Microsoft insists everything works as intended.
News source:
ieXbeta