More of this Feature • Protect Yourself

Related Resources • Microsoft Windows Security 101 • How To Configure IE Security • Poll: Should ISP's Block Viruses and Worms?

From Other Guides • Web Security • Email + IE = Flaw

Elsewhere on the Web • Microsoft Warns Windows Users About Flaw • Microsoft Security Bulletin MS03-008

Microsoft on Wednesday announced a new vulnerability which essentially effects all versions of Windows all the way back to Windows 98- up to and including Windows XP which is marketed as their most secure yet.

Microsoft has known about the flaw since January 9 but had not yet completed development of the fix. They were forced to expedite the patch when they found that the vulnerability was already being discussed in chat rooms and forums on the Internet.

The flaw exists in the Windows Script Engine which handles execution of script code such as VBScript and Jscript. Scripting allows web developers to add dynamic or interactive content to web pages rather than just presenting static information.

Using this vulnerability, an attacker could create a web page that, when visited by a user, would execute code that exploits the vulnerability and allow the attacker to run anything they wish as if they were the user. This can be accomplished by tricking the user into visiting the malicious web page or by sending an email in HTML format.


Next Page > Protect Yourself > Page 1, 2