
Microsoft finally releases URL-spoofing patch!
Microsoft has released a long-overdue patch for the URL spoofing vulnerability, which allows an attacker to alter the URL a site appears to have and so fool users into believing they are somewhere else.
As a side effect of the new patch, users will no longer be able to access sites with a username and password in the URL (the user:pass@site form).
A registry workaround that re-enables the user:pass@site URL format has already appeared on Bugtraq. The issue is also being widely debated on the list.