Bug number three bites MS Explorer

The software giant is smarting after yet another bug, which erases users? hard drives, was discovered in the browser

Microsoft?s Internet Explorer browser has suffered another credibility blow after the discovery of the third bug in one week.

Last week, Microsoft acknowledged that the security flaw found in the latest version of its Web browser Internet Explorer 3 was serious, allowing anti-Microsoft hackers to set up Web sites that would be destructive to Internet Explorer users but safe for all other browsers (PC Dealer, 12 March).

Following the discovery of Cybersnot, which revealed the insecure nature of .LNK and .URL files, a second problem was found, related to IE?s floating frame feature. This allowed remote applications to be launched without warning merely by double clicking on an icon embedded in a Web page.

The last bug allows hackers to erase the user?s hard drive. It was discovered by a group of students, who claim the virus plays off a script program that automatically executes a downloaded file designed to help users sign up for internet service.

Microsoft insisted that it has already posted a fix for the bug, available to download from its Web site. Martin Gregory, internet platforms product manager at Microsoft UK, said: ?The bugs are all variations on one issue. This bug is exactly the same as the last one, only it affects the ISP file extension. Customer security is an issue for all software companies, not just for Microsoft.?

Meanwhile, an email bug has been found in the latest version of Microsoft Network (MSN), which can corrupt Microsoft Outlook files and prevent users from accessing their email.

John Linwood, group programme manager for MSN at Microsoft UK, confirmed the problem. ?The middleware that sits between the Microsoft server and Outlook is being corrupted,? he said.