Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Android, Apple Own 80% of Global Smartphone Market; Microsoft's Share, 2.2%
•	Proposed New York Legislation Would Ban Anonymous Online Comments
•	Supercomputer to connect to 400PB of storage via Ethernet
•	Sales of unused IPv4 addresses gathering steam
•	Customizable cloud SLAs on the way, researchers predict
•	Google chairman pledges to fund Raspberry Pi availability in U.K. schools
•	Obama orders agencies to optimize Web content for mobile
•	Are CEOs getting the social media thing?
•	Managing Mobile Mania
•	Google's Android did not infringe Oracle patents, jury finds
•	HP to trim 27,000 jobs as part of restructuring program
•	VMware acquires desktop management company Wanova
•	Privacy advocates fear CISPA
•	Groups launch gigabit-per-second broadband project
•	Windows 8 touchscreen devices to be priced higher, Dell says
•	More breaking news

/

Microsoft issues Windows 2000 Internet Explorer security patch

By Douglas F. Gray
IDG News Service, 02/17/00

On the eve of the release of its much-delayed Windows 2000, Microsoft issued a patch for a security vulnerability in the Internet browser that is bundled with the new operating system.

The bug, which Microsoft calls the Image Source Redirect vulnerability, makes it possible for a malicious Web site operator to read certain types of files on the computers of visitors using Internet Explorer (IE) Versions 4.0, 4.01, 5.0 and 5.01.

This means that the iteration of IE which is distributed with Windows 2000, Version 5, also is affected by the bug.

When a Web server sends a new page to an IE browser window which comes from a different domain to the one currently being viewed, IE checks the server's permissions on the new page. The vulnerability makes it possible for a Web server to open a browser window to a file stored on the IE user's computer, and then switch to a page in the server's domain, gaining access to the contents of the user's files in the process, Microsoft says.

Any data that can be seen is only accessible for a short period of time, and the Web site operator would need to know, or guess, the names and locations of files. The operator would also only be able to view file types that can be opened in a browser window, including .txt files, Microsoft says.

Microsoft also came under fire this week for a leaked internal memo claiming the operating system has over 63,000 bugs in it.

RELATED LINKS

More information about the vulnerability, including patches, can be found here.

See our Research page dedicated to
Windows 2000

Early Windows 2000 users cite total cost of ownership benefits
Computerworld, 02/16/00.

Recent security exploits in Microsoft software
IDG News Service, 09/27/99.

Microsoft issues fixes for Win 2000 security holes
IDG News Service, 01/31/2000.

Talking about Windows 2000
PC World, 02/15/00.

Windows 2000 launch: Moment of truth arrives
InfoWorld, 02/14/00.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.