Microsoft releases updated IE security patch
Alexander Gusak
By Mary Lisbeth D'Amico
InfoWorld Electric
Posted at 8:47 AM PT, Sep 27, 1999
Microsoft has released a patch for Internet Explorer that it promises
completely eliminates the security problems that existed with the browser
software.
An initial patch announcement was made on Sept. 10, but the patch available
as of late last week is more far-reaching, Microsoft said in a statement
posted Friday on its security Web site.
The security holes in Internet Explorer were discovered earlier this month.
The patch eliminates the "ImportExportFavorites" vulnerability, which
affected computers connected to the Internet, Microsoft said. The security
hole made it possible for a Web site operator to carry out any functions
that visitors to a Web site could do on their own computers, such as
deleting or modifying files or reformatting the hard drive. It derived from
a feature in IE 5 that let users export a list of their favorite Web site to
a file, or import a file with a list of favorite Web sites.
The new patch also plugs security holes that resulted from several ActiveX
controls, Microsoft said. These existed both in Versions 4.01 and 5 of the
Internet Explorer. The ActiveX weakness allowed hackers to manipulate
programs on a user's computer when they visited a Web page or received
e-mail via Microsoft's Outlook program. An ActiveX control is software that
is shipped with Internet Explorer to enable a program to add user interface
functions.