:: Deepquest ::

A computer science researcher has highlighted the shortcomings of Microsoft’s latest patch for its Internet Explorer browser by identifying another way that online vandals could run malicious programs on a Web surfer’s computer.
Microsoft on Friday released a fix that’s designed to protect computers from one of three flaws that, together, could be used to digitally slip past a PC’s security through the browser. This weekend, however, a security researcher identified another flaw that could serve the same purpose and that isn’t fixed by Microsoft’s patc

“They chose to address only one part of the problem,” said Jelmer Kuperus, a computer science student in the Netherlands who posted the code for the work-around. “They should have seen this one coming.”

This marks the third time in a month that Microsoft has had to play catch-up to researchers’ public disclosures about insecurities in Internet Explorer. In early June, Kuperus found a Web site that used two previously unknown vulnerabilities, plus the recently patched one, to install adware on victims’ computers. Additionally, security researchers discovered last week that a milder vulnerability, which Microsoft had fixed in early versions of the browser, reappeared in later versions.

from [url=http://zdnet.com.com/2100-1105-5259374.html]Znet[/url]