IE8 To Be Made More Secure Against Attacks

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

flavallee

Frank
Thread Starter
Trusted Advisor
Joined
May 12, 2002
Messages
83,262
This is word-for-word from the softpedia.com news site.

Microsoft plans to release and update to the Internet Explorer 8 XSS Filter that will further bulletproof the browser against attacks. The Redmond company already took measures to address an issue impacting the XSS Filter. In this regard, the January security update to Internet Explorer (MS10-002) was designed to resolve a vulnerability detailed at Blackhat EU. According to David Ross, MSRC Engineering, the software giant is now gearing up to take additional steps in order to protect customers.

A new “update to the IE XSS Filter is currently scheduled for release in June. This change will address a SCRIPT tag attack scenario described in the Blackhat EU presentation. This issue manifests when malicious script can ‘break out’ from within a construct that is already within an existing script block. While the issue identified and addressed in MS10-002 was identified to exist on high-profile web sites, thus far real-world examples of the SCRIPT tag neutering attack scenario have been hard to come by,” Ross explained.

The promise from the Redmond company is that additional work will be done in order for the Internet Explorer XSS Filter to continually improve. At the same time, Ross underlined that updating the browser was a task that Microsoft did looking to minimize the strain in terms of resources and effort for customers, as much as possible.

“In the case of the Internet Explorer XSS Filter, researchers found scenarios that are generally applicable across XSS filtering technologies in all currently shipping browsers with this technology built-in. In January (MS10-002) and again in March (MS10-018), we took steps to mitigate this threat class and we’ll take the next major step in the June timeframe. Overall we maintain that it’s important to use a browser with an XSS Filter, as the benefits of protection from a large class of attacks outweigh the potential risks from vulnerabilities in most cases,” Ross added.

The XSS Filter is a security feature added to Internet Explorer 8 in an effort by Microsoft to help secure the browser against attacks targeting Cross-Site Scripting (XSS) vulnerabilities. By exploiting an XSS hole, attackers can steal cookies, monitor keystrokes, and even masquerade as the victim on websites.

-----------------------------------------------------------------
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top