By ELIZABETH M. GILLESPIE, AP Business Writer
Microsoft Corp. was working Friday to come up with a fix for a flaw in
its Internet Explorer browser that could let hackers gain remote
access to computer systems through malicious Web sites.
A patch was not immediately available, though security experts
played down the risk.
"If the user doesn't browse a malicious Web site, then the user isn't
even under attack," said Gerhard Eschelbeck, chief technology officer
at Qualys Inc., a security company based in Redwood Shores, Calif.
Stephen Toulouse, a program manager for the software maker's Security
Response Center, said the component that's the root of the problem
does not come standard in the Windows operating system.
In an update to a security advisory the company had issued the day
before, Microsoft said Friday that machines running Visual Studio 2002
without the Service Pack 1 update, or Office 2003 with Service Pack 3,
could be vulnerable.
Microsoft said it knew of no customers who had been attacked.
The company urged Internet users to be careful about opening up Web
links in e-mails and said it would release a security update once it
had completed its investigation.
Thursday's advisory came after a French security research team
published a "proof-of-concept exploit" showing how hackers could take
advantage of the vulnerability.
Without referring to the exploit specifically, Microsoft said the flaw
"was not disclosed responsibly, potentially putting computer users at
The disclosure came just days after a series of computer worms,
programmed to take advantage of a flaw in Microsoft's Windows
operating system, caused delays in operations at big companies and
On the Net:
Copyright 2005 The Associated Press.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily. For up to the minute Associated Press News Reports and
headlines, go to http://telecom-digest.org/td-extra/AP.html
[TELECOM Digest Editor's Note: So ... they claim 'no harm to the small
individual at a computer; just do not open any email attachments which
look suspicious.' Well, gee, that's good to know; what about the tons
of email spam each day which was sent under phalse pretenses using
a misleading subject line? I expect a lot of users will get this
latest virus as well. PAT]