Microsoft's effort last week to fix a vulnerability in the Internet Explorer Web browser and end the latest series of Internet attacks doesn't address another closely related and dangerous vulnerability, according to a security specialist.
Dutch security expert Jelmer Kuperus published code on the Web last week that he says can be used to break into fully patched Windows systems using a slightly modified version of an attack called Download.Ject that Microsoft patched last week. The new attack targets a hole in a different Windows component than the one addressed by Microsoft's software patch. Using a similar attack, malicious hackers could break into even patched Windows machines, Kuperus says. Microsoft confirms that the company is aware of the exploit code, but does not believe any customers have been attacked using the Shell.Application exploit, a spokesperson says.
View: The full story
News source: PCWorld