Microsoft finally fixing Windows URI flaw

October 11, 2007, 10:44 AM
After much debate over a recently discovered protocol-handling flaw, which Microsoft claimed was a problem with third-party software, the software giant has announced it is indeed working on a patch. The flaw, which affects Windows XP and 2003 systems running IE 7, lies in the URI handling component and allows malicious programs to be launched when a user clicks on a specially crafted link.

In recent months, researchers outlined vulnerabilities in Firefox and Internet Explorer that could allow an attacker to execute malicious code and compromise a target system. Later on, researchers discovered similar problems with other applications, including Adobe Reader and Outlook Express, suggesting that the problem wasn't with a single application, but rather with the way that Windows handles messages between a web browser and other applications.

Microsoft now agrees with that assessment and will issue an update to a Windows function known as ShellExecute so that it sanitizes the links it is processing. Microsoft gave no expected release date for the update, however. As always, users are advised not to follow untrusted links or browse untrusted websites.



