Microsoft has admitted its role in a security weakness in Internet Explorer that saw malicious websites installing and enabling the running of harmful code on a customer's machine.The u-turn comes after three months of Microsoft arguing that it was third party applications that were to blame for the security problems.
The debate start started after it emerged that malicious code could make IE launch Firefox and cause it to download and execute commands without the user being aware. Mozilla, the company behind Firefox, issued an immediate fix, but warned that IE was still vulnerable to making other third party applications run the code.
Microsoft has now admitted that it has worked out how the exploit works and have moved to close it. "Our plan is to revise our URI handling code within ShellExecute to be more strict," the author on a Microsoft blog wrote. "While our update will help protect all applications from malformed URIs, application vendors who handle URIs can also do stricter validation themselves to prevent malicious URIs from being passed to ShellExecute."
Advertisement
Related Stories
- The Pope loves Microsoft. Fact. May 25th 2012 at 4:13PM
- Daily deals websites get the Apprentice treatment May 23rd 2012 at 9:58PM
- Google Chrome takes most popular browser crown from IE May 22nd 2012 at 1:33PM
- Have your say: Does your business listen to complaints on Twitter? May 21st 2012 at 10:56AM
- Google introduces Knowledge Graph for more intelligent search May 17th 2012 at 10:55AM
- Twitter reaches 10-million user milestone in the UK May 16th 2012 at 2:33PM
- Windows 8 RT draws antitrust attention May 14th 2012 at 10:59PM
- Windows 8 Pro upgrade may cost $14.99 May 14th 2012 at 10:46PM
