Microsoft haunted by old IE security flaw

A security flaw that had been fixed in older versions of Microsoft Internet Explorer has reappeared in the latest version of the browser software.
Security company Secunia issued a bulletin warning of the flaw in versions 5.01, 5.5 and 6.0 of Internet Explorer (IE). The problem had been fixed six years ago, when it appeared in versions 3.0 and 4.0 of the IE browser.

"It's a concern that a company like Microsoft has a problem that's already been fixed in older versions resurface in newer ones," said Thomas Kristensen, chief technology officer of Secunia.

Microsoft has been plagued by a recent spate of IE vulnerabilities. The latest attack was reported Tuesday. Through a flaw in IE, victims can pick up a program through a pop-up ad that is used to read keystrokes and steal passwords when people visit any of nearly 50 banking sites.

Vulnerabilities in IE have become so common that some security researchers are recommending that people adopt alternate browsers. The U.S. Computer Emergency Response Team, the official U.S. body responsible for defending against online threats, also advised security administrators to consider moving to a non-Microsoft browser among six possible responses.

According to the latest bulletin, the vulnerability affects people who have multiple IE browsers open. Through one of the open browsers, hackers can change the content of another Web site without users ever knowing that it has been altered....

Courtsey ZDNET

With Thanks !
Newkid !