Microsoft Slow to Patch Another (kind of) IE Flaw

Updated: New attack finds yet another leak in local resource security that Windows XP Service Pack 2 and subsequent patches were supposed to plug.

A security researcher has discovered a new exploit for Microsoft Corp.’s Windows XP Service Pack 2 that allows programs to be planted and executed on fully patched systems.

The researcher, known as http-equiv and operator of the malware.com Web site, discovered a weakness in the local security zone of Internet Explorer which, through the use of the HTML Help control, allows security restrictions in the zone to be bypassed.


I said it before, I’ll say it again: Microsoft shows signs of too many balls in the air. I’m sure that they wish that the whole subject of security flaws would just go away, but that won’t happen until the OS is solidly built on WinFS and Longhorn. And maybe not then. Safety is forever a moving target and when people like me talk about ‘the good old days’, you’d better realize that there really WERE good old days.