Microsoft issued a warning that the Internet Explorer browser contains no
less than six newly discovered flaws that could give hackers access to personal
information about computer users, even change the information. Some of the flaws
were termed "critical" by Microsoft. The software giant said it has
already made patches available for the flaws in Explorer 5.01, 5.5 and 6.0.
(patches can be found at www.microsoft.com/security).
Some of the flaws could allow hackers to view files on a user's computer hard
drive. Others exploit vulnerabilities in Internet Explorer's "cross-site
scripting'' capabilities - which allow scripts from one Web page to legitimately
manipulate another - and may permit the same access by a rogue site. Another
flaw attacks the software's handling of "cookies" and may allow
hackers to view and even change information on cookies.
security program manager Christopher Budd, with the Microsoft Security
Response Center his group is not aware of any direct problems resulting from the
flaws. But to be on the safe side, Budd urged users not to ignore the potential
problems and to download the patch.