[<prev] [next>] [day] [month] [year] [list]
Message-ID: <01f701c29e06$8839d8c0$6801a8c0@rms2>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Microsoft: IE hole worse than reported
http://news.com.com/2100-1001-976440.html?tag=fd_top
Microsoft on Friday raised its threat rating for a security flaw in its
Internet Explorer browser to "critical," in response to criticism of its
initial assessment of the hole's danger.
A representative of Microsoft, which has come under fire for its
security policies, said the company had changed its original rating of a
flaw in IE versions 5.5 and 6 as a result of comments posted to the
Bugtraq online bulletin board by a security consultant.
As previously reported by CNET News.com, Thor Larholm, a vulnerability
researcher with security consultancy Pivx Solutions questioned
Microsoft's "moderate" rating--issued Wednesday--in a Buqtraq forum
posting.
"Microsoft has given this vulnerability a maximum severity rating of
moderate," Larholm wrote. "Great, so arbitrary command execution, local
file reading and complete system compromise is now only moderately
severe, according to Microsoft."
...
Powered by blists - more mailing lists