« First impression: JOE | Main | RSS WinterFest »
The Register says Microsoft "phish" bug remains officially patchless
The Register reports that "over one month after its discovery, there is no official patch available for a bug in Internet Explorer that lets swindlers pass off counterfeit websites as the real thing." I listened to this morning's monthly Microsoft security Webcast by VP Mike Nash, and didn't hear anything about this. I wonder what's going on here. (The Register isn't the most reliable source out there, either.) UPDATE: According to Netcraft, Microsoft said a patch addressing the spoofing flaw won't be released until it is "well-engineered and thoroughly tested."
Posted on January 20, 2004 at 03:50 PM | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83453afad69e200d8342395fa53ef
Listed below are links to weblogs that reference The Register says Microsoft "phish" bug remains officially patchless:
Comments
That would be this (1) and yes there is no fix from Microsoft yet. They have an advisory (2), it isn't very helpful, I don't think copy in this short javascript program is a good solution. Especially as other people (3) seem to be able to create fixes.
(1) http://www.secunia.com/advisories/10395
(2) http://support.microsoft.com/?id=833786
(3) http://www.abracadabrasolutions.com/UrlFilter.htm
Posted by: Matthew at Jan 21, 2004 4:56:42 AM
You mean how well they thorougly test the released MDAC and RPCSS patches?
Posted by: Kent at Jan 22, 2004 6:00:56 PM
