UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
July
Su M Tu W Th F Sa
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
Sponsored Links
Latest Postings
Latest Reviews
Topic Options
Rate This Topic
#38722 - 11/28/04 05:01 AM Bofra exploit ticks away at Microsoft
Ice Offline
UGN News Staff

Registered: 11/29/02
Posts: 1146
Loc: Canada
Time is ticking for Microsoft to produce a patch for the two-week-old Bofra exploit. But Redmond is still investigating the problem

After more than two weeks of investigating the IFRAME Bofra exploit, Microsoft has yet to announce when it will be able to fix the problem.

The software giant was unable to provide any further answers to ZDNet UK as to when it expects to resolve the flaw for its customers. In a prepared email statement from the company, a spokesperson said: "Microsoft is actively investigating new public reports of a criminal attack, known as Bofra, attempting to exploit a vulnerability in Internet Explorer's treatment of an HTML element known as IFRAME."
The spokesman added that Microsoft is working to forensically analyse the malicious code in Bofra and "will work with international law enforcement to identify and bring to justice those responsible for this malicious activity".

The exploit affects Internet Explorer 6.0 on Windows 2000 and XP SP1. Computers running SP2 are said not to be affected by the exploit.

Earlier this week, several Web sites were hit with banner ad Bofra exploits that directed users to other sites and downloaded malicious code onto their machines.

Analyst company Gartner has predicted that hackers will increase their use of the banner ad attack because of its wide-spread effectiveness.

The software giant added: "Microsoft is taking this vulnerability very seriously; accordingly an update to correct the vulnerability is currently in development. We will release the security update when the development and testing process is complete, and the update is found to effectively correct the vulnerability."

Microsoft has attacked independent researchers who made the IFRAME flaw publicly available. Within a few days of its publication, hackers had created an exploit for the vulnerability.

The company said that people who believe they have been attacked should contact their local law enforcement agency.

ZDNET News
_________________________
Good artists copy, great artists
steal.

-Picasso

Top
Sponsored Links
      
#38723 - 11/28/04 12:21 PM Re: Bofra exploit ticks away at Microsoft
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7192
Loc: Portland, OR; USA
I just love hearing about Gartner; as I worked there on the Microsoft Publisher research project, and the Gartner Technical Workshop research project
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

Top

Featured Member
Registered: 03/05/02
Posts: 9
Forum Stats
2145 Members
46 Forums
33395 Topics
68562 Posts

Max Online: 1567 @ 04/25/10 10:20 AM
Top Posters
UGN Security 26558
Gremelin 7192
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Jimmie Menon, fghijk435948, Devo60, ali, lavos
2147 Registered Users
Who's Online
0 registered (), 643 Guests and 336 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!