Microsoft to patch Internet Explorer XSS filter in June

Powered by SC Magazine
 

Malicious code injection possible.

Microsoft will wait until June to release an additional patch for an Internet Explorer vulnerability that was recently demonstrated at the Black Hat EU conference.

Speaking on the Microsoft Security Response Center blog, security software engineer David Ross claimed that an additional update to the IE XSS filter is currently scheduled for release in June. 

He said: “This change will address a Script tag attack scenario described in the Black Hat EU presentation. This issue manifests when malicious script can ‘break out' from within a construct that is already within an existing script block. While the issue identified and addressed in MS10-002 was identified to exist on high-profile websites, thus far real-world examples of the Script tag neutering attack scenario have been hard to come by."

With reference to the Black Hat presentation, researchers showed how problems with the filter could be used to inject malicious code into websites such as Google, Bing and Twitter. Ross claimed that in January - where it was covered with an out-of-band patch - and again in March, Microsoft took steps to mitigate this threat class and the next ‘major step' will be taken in the June timeframe.

Ross said: “Overall we maintain that it's important to use a browser with an XSS filter, as the benefits of protection from a large class of attacks outweigh the potential risks from vulnerabilities in most cases.

“We look forward to continuing to improve the Internet Explorer XSS filter going forward to address new attack scenarios and the evolving threat landscape.”

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Time management tips for CIOs
[Blog post] How to get to the genba.
 
Making a case for collaboration
[Blog post] Tap into your company’s people power.
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
This 4G smartphone costs $219
Sep 3, 2014
It's possible to spend a lot less on a smartphone if you're prepared to go with a brand you ...
Looking for storage? Seagate has five new small business NAS devices
Aug 22, 2014
Seagate has announced a new portfolio of Networked Attached Storage (NAS) solutions specifically ...
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  69%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  10%
 
Denial of service attacks
  6%
 
Insider threats
  11%
TOTAL VOTES: 1109

Vote