This alert is to notify you of the release of Microsoft Security Advisory (902333).
Microsoft has investigated a public report of a spoofing issue that affects Web browsers in general, including Internet Explorer.
The report describes the scenario of multiple, overlapping browser windows, some of which contain no indications of their origin. An attacker could arrange windows in such a way as to trick users into thinking that an unidentified dialog or pop-up window is trustworthy when it is in fact fraudulent. When a user visits a malicious Web site the user may be redirected to a trusted Web site. The attacker could then display an overlapping window in the form of a dialog box attempting a phishing attack. The user is then prompted to input personal information into this dialog box, which was opened from the malicious Web site. The user might believe that this dialog box was opened by the trusted Web site and they might input personal information. This information, however, is sent to the malicious Web site.
Customers who already follow our general guidance about avoiding spoofing attacks are at reduced risk of being affected by this issue. If a particular window or dialog box does not have an address bar and does not have a lock icon that can be used to verify the site's certificate, the user is not provided with enough information on which to base a valid trust decision about the window or dialog box. To view Microsoft's general guidance about how to avoid spoofing attacks visit the Security at Home Web site.
We continue to encourage customers install Windows XP SP2 and to follow our Protect Your PC guidance of enabling a firewall. This includes turning on Automatic Updates to receive software updates and installing anti virus software. For more information visit the Protect Your PC Web site.
Customers who believe they may have been affected by this spoofing method can contact Product Support Services. You can contact Product Support Services in North America at no charge using the PC Safety line (1866-PCSAFETY). International customers can contact Product Support Services by using any method found at the Microsoft Security Help and Support for Home Users Web site.
This Microsoft Security Advisory is located at this location:
Microsoft Security Advisories are located at this location:
If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.
Microsoft PSS Security Team