Microsoft to patch 'critical' IE bugs

By on
Microsoft to patch 'critical' IE bugs

After issuing a stopgap patch on Wednesday for a vulnerability that could allow attacks through its Internet Explorer (IE) browser, Microsoft announced that it will release an update to repair five flaws, including a new zero-day vulnerability.

The bugs affect IE 9 and earlier versions, and if exploited are capable of taking command of Windows PCs to infect them with malware.

Microsoft said it plans to release the fix as close as possible to 10 a.m. PDT on Friday.

As explained in Microsoft Security Advisory (2757760) released on Monday, the "remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated." The flaw could corrupt memory and allow an attacker to execute arbitrary code.

According to a blog post by Yunsun Wee, director of Trustworthy Computing for Microsoft, the vulnerabilities affected a small number of customers.

"The potential exists, however, that more customers could be affected," he wrote.

The fix will be available through Windows Update and the company recommends users install it as soon as it is available. Users with automatic updates enabled on their PC won't need to take any action.

Microsoft has been communicating with users on the issue all week, Andrew Storms, director of security operations for nCircle, said Thursday.

"Even if you think there are a lot of things Microsoft can improve, they are light years ahead of other vendors in providing clear, consistent, valuable communication to their users on security issues," he said.

Microsoft said that Friday's fix covers "other issues as well."

This article originally appeared at

Copyright © SC Magazine, US edition

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


What's the biggest risk when partnering with other partners?
They might steal my clients
Loss of profitability
They might provide poor service to my clients
Lack of accountability, risk of finger-pointing
View poll archive

Log In

Username / Email:
  |  Forgot your password?