[prev in list] [next in list] [prev in thread] [next in thread]
List: ntbugtraq
Subject: Alert: Microsoft Security Bulletin (MS99-037) - IE5 "ImportExport
From: Russ <Russ.Cooper () RC ! ON ! CA>
Date: 1999-09-11 3:03:38
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Microsoft have released a Security Bulletin - MS99-037 - which,
finally, seems to have echoed Georgi Guninski's long heard
cry..."Disable Active Scripting"...
The Microsoft Security Bulletin states;
"Customers can immediately protect themselves against this
vulnerability by disabling Active Scripting in IE 5, as discussed in
the FAQ."
They say they are working on a patch, but such a drastic suggestion as
disabling *ALL* Active Scripting might very well indicate they've
finally decided to put an end to all of these unsafe scripting issues
we've been seeing. Could it be that they are going to somehow
eliminate this possibility?? I doubt it, but it sure would be nice.
Meanwhile, consider a bunch of sites broken while you've got this
disabled (note, they don't recommend setting it to prompt because,
IMO, these settings don't work the way they suggest they do. Prompt
doesn't mean every attempt to script should prompt, it means that only
some unknown variable needs to be missing for the script to
prompt...;-])
An explanation of how to disable scripting is in the FAQ. Stay tuned
for an updated Security Bulletin MS99-037.
Pertinent links are;
Security Bulletin MS99-036
http://www.microsoft.com/security/bulletins/MS99-037.asp
http://www.microsoft.com/security/bulletins/MS99-037faq.asp
Bulletin applies to:
- - Microsoft Internet Explorer 5
Cheers,
Russ - NTBugtraq Editor
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
iQCVAwUBN9nGixBh2Kw/l7p5AQGbBgQA0DtQziDeLWx9UjVrDo9OtW8WTWmU0bbK
Fwv2tq2oXG/iAKGRQFFacvRghzlX4eTMLPRlqyylT5W9qgpwwkcXxl6zhQPLHCGa
ata+9jW+JSMTM5kmtgxAbVJ2P3DQ4qA47MBKMk6YY60blTTEwaOGJ82qF0CgMHdc
QIw8PtXn8j0=
=H/St
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic