Security Alerts




IE Update Fixes Multiple Use-After-Free Vulnerabilities

Severity: High Summary: These vulnerabilities affect: Most current versions of Internet Explorer (IE) How an attacker exploits them:  By enticing one of your users to visit a malicious web page Impact:  An attacker can execute code on your user’s computer, often gaining complete control of it What to do:  Install Microsoft’s IE updates immediately, or let Windows Automatic Update do it for you Exposure: As part of today’s Patch Day, Microsoft released a security bulletin  describing nine new security vulnerabilities affecting Internet Explorer (IE). Similar to the last   few IE updates, all nine of these security flaws are what developers call  “use after free” vulnerabilities, which are types of memory corruption flaws that attackers can leverage to execute arbitrary code. They all have to do with how IE handles various  HTML objects and elements. If an attacker can lure one of your users to a web page containing maliciously crafted HTML, he could exploit any one of these vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges

Source:
IE Update Fixes Multiple Use-After-Free Vulnerabilities
March 12, 2013 — Category: Security Alerts