Off-cycle fix for IFRAME flaw called unlikely

Despite new Mydoom variants preying on the Internet Explorer-based vulnerability, don't expect a Microsoft patch in the short term, security experts say.

Systems administrators shouldn't have any trouble implementing Microsoft's new fix for a content spoofing vulnerability in ISA Server 2000 and Proxy Server 2.0 -- unless they're using the German version of the patch.

German users will need to update to Windows XP Service Pack 2 before they can properly install the patch. But regardless of the language they speak, experts say a bigger concern for admins right now is the Internet Explorer IFRAME flaw that is currently being exploited by several new Mydoom variants.

"We only ran into the one snag with it with the German-language version [of the ISA Server patch]," said Jeff Graham, a product manager with St. Bernard Software Inc., a San Diego-based security and

I honestly think that if there is enough of a stink about it, then Microsoft probably will release [an off-cycle] patch.


Mark Loveless, security researcher,

BindView Corp.

,
patch management vendor. "There is really a lot more buzz about the latest worm that is going around."

Furor could spur off-cycle release

Microsoft issued a fix for the ISA/Server glitch last week, and the quiet month for security bulletins left some wondering if the company would release an off-cycle patch for the IFRAME vulnerability sometime before December's Patch Tuesday. Security vendors said that an off-cycle patch for it is unlikely, but not out of the question.

"I honestly think that if there is enough of a stink about it, then Microsoft probably will release [an off-cycle] patch," said Mark Loveless, senior security analyst at BindView Corp., a Houston-based company that makes security and patch management software.

Loveless said that both the IFRAME vulnerability and the ISA/Proxy Server flaw are worrisome, but not serious enough to warrant mass panic, even with exploits for the former currently in the wild. Both require end users to take steps, such as visiting a malicious Web site, to trigger them.

In the absence of an IFRAME fix from Microsoft, Loveless suggested that users be extra careful about which Web sites they visit, and consider using an alternative browser, such as Mozilla's Firefox.

"Firefox is not so much of a target because it's not embedded into the operating system as much as IE," Loveless said. "That is not to say that it is without flaws."

Another way to avoid IFRAME attacks is to shut down unneeded scripting capabilities, such as ActiveX and JavaScript. "If you can do without it, turn it off," Loveless said.

Early notice program draws praise

This month's security update was the first to be issued through Microsoft's new early alert program on its TechNet site. Microsoft customers can now access general information

For more information

See why some think Firefox will become a target

 

Read about Finjan Software's claims about XP SP2 flaws

about planned patches three business days prior to their release on the second Tuesday of the month.

The new early warning program is good news for admins and security vendors alike, said St. Bernard's Graham.

"That really helps everybody," he said. "It gives people who have to implement the patches a little time to budget their time."

This month's lone patch was also a welcome change from last month, when Microsoft issued a record-setting 10 security bulletins -- seven of them critical -- to fix 22 vulnerabilities.

Both Graham and Loveless said they haven't heard of any serious problems that are lingering after last month's bulletins.

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close