Potential Flaw in Internet Explorer Enhanced Security Configuration

[Pieter Niessink <pieter () macflat nl>]

Hey,

Microsoft introduced a new piece of software in Windows Server 2003 
called Internet Explorer Enhanced Security Configuration.
Its supposed to stop content which is a potential security risk from 
loading or being run.

Since its installed by default i have it running on my server too. When 
surfing with IE it seems to do its job alright. The problem is
that if you leave your IE window open when the computer goes on 
screen-saver the content seems to load normally. Including
banners, flash objects and applets which should be blocked. This can't 
be good, especially not on a server os.

Has anyone else seen this, or is it a known problem ?

Kind Regards,

Pieter

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html