Microsoft to patch 'critical' IE bugs

By Greg Masters on Sep 21, 2012 6:56 AM
Filed under Security

Addresses zero-day vulnerability.

After issuing a stopgap patch on Wednesday for a vulnerability that could allow attacks through its Internet Explorer (IE) browser, Microsoft announced that it will release an update to repair five flaws, including a new zero-day vulnerability.

The bugs affect IE 9 and earlier versions, and if exploited are capable of taking command of Windows PCs to infect them with malware.

Microsoft said it plans to release the fix as close as possible to 10 a.m. PDT on Friday.

As explained in Microsoft Security Advisory (2757760) released on Monday, the "remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated." The flaw could corrupt memory and allow an attacker to execute arbitrary code.

According to a blog post by Yunsun Wee, director of Trustworthy Computing for Microsoft, the vulnerabilities affected a small number of customers.

"The potential exists, however, that more customers could be affected," he wrote.

The fix will be available through Windows Update and the company recommends users install it as soon as it is available. Users with automatic updates enabled on their PC won't need to take any action.

Microsoft has been communicating with users on the issue all week, Andrew Storms, director of security operations for nCircle, said Thursday.

"Even if you think there are a lot of things Microsoft can improve, they are light years ahead of other vendors in providing clear, consistent, valuable communication to their users on security issues," he said.

Microsoft said that Friday's fix covers "other issues as well."

This article originally appeared at scmagazineus.com

 
Follow us on Facebook and Twitter
 

Copyright © SC Magazine, US edition

Microsoft to patch 'critical' IE bugs
 
 
 
 
 
Top Stories
Here's what the Dicker Data mega-merger means in dollars
Distie to report $200 million jump in revenue.
 
Office 365 hiring coup for Brisbane gold partner
Million-mailbox Microsoft migration expert goes channel.
 
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Which mobile device couldn't you live without?


Latest Comments
CRN Magazine

Issue: 328 | June 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.