When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft Confirms IE6+/IE7 Security Bug

The Microsoft Internet Explorer team have confirmed a serious bug that can crash IE when users visit affected websites.

The problem relates to the way the browser handles the

createTextRange() function and affects all versions (IE6.x XP SP2 fully patched, IE7 beta). The bug was disclosed publicly last weekend before Microsoft were able to patch the problem.

Lennart from the MSRC blog advised "

Our initial investigation has revealed that if you

turn off Active
Scripting, that will prevent the attack
as this requires script.
Customers who use supported versions of Outlook or Outlook Express
aren't at risk from the email vector since script doesn't render in
mail (being read in the restricted sites zone).
" He said a security advisory would be released in the coming days.

A Microsoft official recently chided Apple for their lack of a public Security Czar, and was (rightly) criticized for hypocrisy. However, Microsoft, for all their faults (and bugs) do appear to be making better efforts to publicize problems and deal with them in a timely matter. As Blogger in Chief Robert Scoble would say, blogs are about conversations - and it's good to see the security team, arguably one of the most important at Microsoft, getting more involved with their customers.

View: Microsoft Security Response Center Blog

Report a problem with article
Next Article

FCC Chief Pro Tiered Internet?

Previous Article

Universal Launches Digital Download Service In UK