Microsoft fixes IE iFrame flaw

Matt Whipp October 7, 2009

Microsoft has released a security update to fix the iFrame flaw discovered last month and exploited a week later by the Bofra/MyDoom virus.

The update is described as crtical as it fixes a hole in Internet Explorer which would allow an attacker to take control of a computer if the user is logged in with administrator privileges and clicks on a specially crafted link. By default, new accounts on Windows XP are unrestricted admin accounts.

Shortly after the vulnerability was publicised, under criticism from Microsoft, a new virus was spawned. Some security companies believed it to be a version of MyDoom and others an entirely new species: Bofra. However they were all receiving reports of customers having been infected.

Microsoft was then under pressure to push out a fix as fast as possible while making sure it ran properly on various configurations of its products and didn’t cause conflicts with others or create further problems. The patch for the flaw issued yesterday fixes the vulnerability as it appears in IE 6 running on Windows versions from NT 4 and 98 to XP and the 64 bit version. Systems running Windows XP with Service Pack 2 are not affected.

Microsoft dscribes the patch as ‘a cumulative update that addresses a publicly disclosed security vulnerability in Internet Explorer known as “iFrame” that could allow a malicious attacker to run malicious software on the user’s computer.’

Although the patch is described as ‘the’ update or December, the timing is out of kilter with the usual bulletin cycle, scheduled for the second Tuesday of every month. And indeed Microsoft says that this will not disrupt December’s bulletin.

The patch is a cumulative one and also includes fixes from October that may not have been downloaded by users of XP with Service Pack 1 because they were included in SP2, and if you didn’t upgrade to SP2, you will have missed out. YOu can now get these fixes without installing SP2, although Microsoft urges customers to do this as well.

To get the patch now visit the Microsoft web site.

Send Email

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.

You may also like
How to Find out Who an Unknown Caller Is
How To Find out Who an Unknown Caller Is

Evan Gower September 19, 2023

ExpressVPN
10 Benefits of Using a VPN

Lee Stanton September 19, 2023

Amazon Prime Windows 10 App
How to Remove Your History and Watchlist from Amazon Prime Video

Steve Larner September 19, 2023

Send To Someone

Missing Device

    Todays Highlights
    How to Change the Location on a FireStick

    Lee Stanton April 1, 2023

    How to See Google Search History
    How to View Your Google Search History

    Steve Larner March 7, 2023

    How to Change Your User Name in Zoom

    Lee Stanton August 23, 2022

    How to Use Inspect Element

    Lee Stanton August 16, 2022

    how to download photos from google photos
    How to Download Photos from Google Photos

    Cassandra McBride December 3, 2022

    How to Change Your Username on Fortnite

    Lee Stanton February 20, 2023