Tuesday, July 05, 2005

Windows: Another Hole In IE

If you're still running Internet Explorer under Windows (and 46% of you reading this are), then you need to take note of yet another security hole in IE.

You have to dig deep down in this advisory to figure out what the problem is. Clicking on the various buttons that hide text, it seems that the bug triggers the Java Virtual Machine to crash IE and "gain the same user rights as the local user," which in Windows usually means administrative privileges.

If you have to use IE, Microsoft has a few suggestions, but the best one is in this Washington Post article: switch browsers.

Of course, Linux & Things recommends Firefox, but there is a wide variety to choose from.

July 6: Microsoft has released a patch for this bug