Microsoft to patch 'critical' IE bugs

By Greg Masters on Sep 21, 2012 6:56 AM
Filed under Security

Addresses zero-day vulnerability.

After issuing a stopgap patch on Wednesday for a vulnerability that could allow attacks through its Internet Explorer (IE) browser, Microsoft announced that it will release an update to repair five flaws, including a new zero-day vulnerability.

The bugs affect IE 9 and earlier versions, and if exploited are capable of taking command of Windows PCs to infect them with malware.

Microsoft said it plans to release the fix as close as possible to 10 a.m. PDT on Friday.

As explained in Microsoft Security Advisory (2757760) released on Monday, the "remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated." The flaw could corrupt memory and allow an attacker to execute arbitrary code.

According to a blog post by Yunsun Wee, director of Trustworthy Computing for Microsoft, the vulnerabilities affected a small number of customers.

"The potential exists, however, that more customers could be affected," he wrote.

The fix will be available through Windows Update and the company recommends users install it as soon as it is available. Users with automatic updates enabled on their PC won't need to take any action.

Microsoft has been communicating with users on the issue all week, Andrew Storms, director of security operations for nCircle, said Thursday.

"Even if you think there are a lot of things Microsoft can improve, they are light years ahead of other vendors in providing clear, consistent, valuable communication to their users on security issues," he said.

Microsoft said that Friday's fix covers "other issues as well."

This article originally appeared at scmagazineus.com

 
Follow us on Facebook and Twitter
 

Copyright © SC Magazine, US edition

Microsoft to patch 'critical' IE bugs
 
 
 
 
 
Top Stories
 
Artis strikes maiden partnership with Dicker Data
Distie helps Sydney reseller expand SAP offering.
 
Data#3's VMware boss to run 52nd half-marathon in 52 weeks
Guess what he's wearing for the final one tomorrow.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Who had more wins in 2014?

Latest Comments
CRN Magazine

Issue: 334 | December 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.