Microsoft Patch Leaves Holes Open
Microsoft’s effort last week to fix a vulnerability in the Internet Explorer Web browser and end the latest series of Internet attacks doesn’t address another closely related and dangerous vulnerability, according to a security specialist.
Dutch security expert Jelmer Kuperus published code on the Web last week that he says can be used to break into fully patched Windows systems using a slightly modified version of an attack called Download.Ject that Microsoft patched last week. The new attack targets a hole in a different Windows component than the one addressed by Microsoft’s software patch. Using a similar attack, malicious hackers could break into even patched Windows machines, Kuperus says.
http://www.pcworld.com/news/article/0,aid,116796,00.asp