diTii.com Digital News Hub



Internet Explorer XSS Filter June Update to address SCRIPT tag

The XSS Filter-related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002). This attack scenario involved modified HTTP responses, enabling XSS on sites that wouldn’t otherwise be vulnerable. “An additional update to the IE XSS Filter is currently scheduled for June, and will address a SCRIPT tag attack scenario described in the Blackhat EU presentation. This issue manifests when malicious script can ‘break out’ from within a construct already within an existing script block. While the issue identified and addressed in MS10-002 was identified to exist on high-profile web sites, thus far real-world examples of the SCRIPT tag neutering attack scenario have been hard to come by. In the case of the IE XSS Filter, researchers found scenarios generally applicable across XSS filtering technologies in all currently shipping browsers with this technology built in. In MS10-002 and again in MS10-018, we took steps to mitigate this threat class and we’ll take the next major step in the June timeframe. Overall we maintain that it’s important to use a browser with an XSS Filter, as the benefits of protection from a large class of attacks outweigh the potential risks from vulnerabilities in most cases,” states MSRC.

