News
News
8/22/2005
01:52 PM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft Downplays Significance Of IE Bug

Microsoft says only a few applications use the component vulnerable to a bug exposed last week.

Microsoft on Monday continued to downplay the potential impact of last week's "zero-day" vulnerability in Internet Explorer, now by stressing the limited number of applications which use the flawed component.

According to a revamped security advisory on the Microsoft Web site, the affected COM object, Msdds.dll, is not added to a Windows system by default. It's actually only present when Microsoft Visual Studio 2002 and some versions of Microsoft Office applications have been installed.

"Customers who use the initial release of Microsoft Visual Studio 2002 are at risk from this vulnerability and are encouraged to apply Microsoft Visual Studio 2002 Service Pack 1," Microsoft stated in the updated advisory.

Other at-risk installations are Microsoft Office XP SP3 and Microsoft Access 2002 SP3.

Because Visual Studio 2002 is a development tool, it's unlikely run-of-the-mill business or home users will be vulnerable to an exploit of this Internet Explorer vulnerability. The bug in IE is due to a memory error caused when the browser calls on the Msdds.dll file as an ActiveX control. A successful exploit, which would be posted on a malicious Web site, could give the attacker complete control of the PC without any user interaction.

The revised advisory also offers a number of workarounds that users and enterprises can apply, including setting IE security to "high" and disabling the Msdds.dll file from running in IE.

Last week, the SANS Internet Storm Center posted a small free-of-charge utility that automatically "patched" the flaw by modifying the Windows registry.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.