Critical new Internet Explorer vulnerability found

Secunia has released a security advisory detailing a new vulnerability in Microsoft's Internet Explorer 6 browser. John McCormick has the details in this edition of the IT Locksmith.

A critical new threat has emerged in Internet Explorer 6,
and no patch is yet available. At the other end of the spectrum, several Linux
vendors have released patches for some critical Linux vulnerabilities.

Details

Secunia has released a security advisory detailing a new vulnerability in Microsoft’s
Internet Explorer 6 browser (CVE-2006-1992). The company has designated it a highly
critical threat.

Michael Zalewski published the original
advisory on April 23. The security vendor has conducted its own tests and
found that even fully patched versions of IE 6 may be subject to this object
tag memory corruption vulnerability.

Successful exploitation could allow the execution of
arbitrary code. However, no reports of exploits have appeared in the wild.

No patch is yet available for this flaw. Until Microsoft
releases a fix, the only workaround is to avoid visiting untrusted Web sites.

Meanwhile, the French
Security Incident Response Team (FrSIRT) has no major Windows
vulnerabilities listed, but it does cite several critical patches for Linux
versions. Each of these patches eliminates a number of CVE-listed
vulnerabilities.

Gentoo
has released an update to address a Mozilla remote
code execution vulnerability.
Debian
patched this
threat as well as a Firefox code execution
threat last week.
Fedora did the
same.
Fedora and Gentoo both
patched an Ethereal remote code execution threat last week as well.
SGI released
a critical patch
last week.

Also watch for…

The National
Infrastructure Security Co-ordination Centre (NISCC), a British security
organization, has reported new flaws
in the DNS protocol.
Cisco Systems
has patched
its Wireless LAN Solution Engine and other products.
Shades
of War Games: According to The
Palm Beach Post newspaper,
instead of garnering a glowing high school transcript, 18-year-old Jeff
Yorston has landed a felony fraud arrest for altering student records—perhaps
he’s watched the Matthew Broderick movie once too often.

Miss a column?

Check out the IT Locksmith Archive,
and catch up on the most recent editions of John McCormick’s column.

Want to stay on top of
the latest security updates? Automatically
sign up for our free IT Locksmith newsletter, delivered each Tuesday!

John McCormick is a
security consultant and well-known author in the field of IT, with more than
17,000 published articles. He has written the IT Locksmith column for
TechRepublic for more than four years.

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE This policy describes the organization’s employee privacy guidelines and outlines employee privacy expectations. From the policy: POLICY DETAILS The organization’s IT equipment, services and systems are intended for business use only. However, the organization acknowledges that staff, consultants and volunteers occasionally require opportunities to make or receive personal phone calls, access personal email, utilize ...

PURPOSE The purpose of this Security Response Policy from TechRepublic Premium is to outline the security incident response processes which must be followed. This policy will assist to identify and resolve information security incidents quickly and effectively, thus minimizing their business impact and reducing the risk of similar incidents recurring. It includes requirements for both ...

Critical new Internet Explorer vulnerability found