Security Alerts




Out-of-Cycle IE Patch Mends Zero Day Vulnerability

Summary: This vulnerability affects:  Internet Explorer 6 through 8 (9 and 10 are not affected) How an attacker exploits it: Usually, by enticing one of your users to visit a malicious web page Impact: Various, in the worst case an attacker can execute code on your user’s computer, potentially gaining complete control of it What to do: Deploy the appropriate Internet Explorer patch immediately, or let Windows Automatic Update do it for you Exposure: In a previous post , we warned you of a zero day “ use after free ” vulnerability that affected Internet Explorer (IE) 6 through 8. By luring one of your users to a web site containing malicious code, a remote attacker could exploit the vulnerability to execute code on your computer, with your privileges  As always, if you have local administrator privileges, the attacker could exploit this issue to gain complete control of your computer. At the time, Microsoft hadn’t fixed this newly discovered flaw, but had released a FixIt that could mitigate its risk. This week, Microsoft released an out-of-cycle security bulletin containing a full patch for this issue

Source:
Out-of-Cycle IE Patch Mends Zero Day Vulnerability
January 17, 2013 — Category: Security Alerts