|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-09-26 | |
| Rule Name: | Microsoft Internet Explorer Security Bypass Vulnerability (CVE-2017-0064) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A vulnerability was reported in Microsoft Internet Explorer. A remote user can bypass security controls on the target system. The browser does not properly handle mixed content. A remote user can create a specially crafted '.url' file that, when loaded by the target user, bypass Mixed Content security warnings on the target system to load HTTP content when the target user is browsing secure content (HTTPS). | |
| Impact: | A remote user can bypass Mixed Content security warnings on the target system. | |
| Affected OS: | Windows | |
| Reference: | CVE-2017-0064 MicrosoftSecurityBulletin:MS17-006 SecurityFocusBID:98121 |
|
| Solutions |
|---|
| Applying the patch 4019472 is able to eliminate this problem. The bugfix is ready for download at https://www.catalog.update.microsoft.com/Search.aspx?q=KB4019472 |