Microsoft Readies Patch for Recently Uncovered, Actively Exploited IE Vulnerability
On Tuesday, March 9, Microsoft rolled out two security bulletins that addressed a total of 8 security holes in the Windows operating system and Office productivity suite. On the same day, Microsoft announced it is aware of a new vulnerability that “exists due to an invalid pointer reference being used within Internet Explorer.” If a person with malicious intent were to exploit the vulnerability, said Microsoft at the time, then that attacker could perform remote code execution on the targeted machine.
The bad news surfaced just a few days after Microsoft announced this vulnerability – people with malicious intent were indeed actively exploiting it to infect Windows-powered computers with a Trojan. The upside is that the latest iteration of the Microsoft-developed browser, Internet Explorer 8 (IE8), is not affected. Only IE6 and IE7 are affected, so at least from a security point of view, you are well advised to upgrade.
When Microsoft uncovered this IE vulnerability, it released Security Advisory 981374 to give its customers guidance on how to stay protected. On Friday, March 12, that security advisory was updated to provide new workaround information.
“On Wednesday we added a workaround to the advisory that helps to mitigate the vulnerability by disabling the peer factory class through the modification of a registry key. With [Friday]’s update, we have added a Microsoft Fix It to automate this workaround for Windows XP and Windows Server 2003 customers,” Senior Security Communications Manager Lead with the MSRC (Microsoft Security Response Center), Jerry Bryant said.
Since the vulnerability is being actively exploited in the wild, it is believed that Microsoft will roll out an out-of-band patch. Jerry Bryant confirmed that an out-of-band patch remains a possibility.
“We have seen speculation that Microsoft might release an update for this issue out-of-band. I can tell you that we are working hard to produce an update which is now in testing. This is a critical and time intensive step of the process as the update must be tested against all affected versions of Internet Explorer on all supported versions of Windows. Additionally, each supported language version needs to be tested as well as testing against thousands of third party applications. We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs,” said Bryant.
To my mind, I think you should use this occasion to upgrade from IE6 and IE7 to IE8, the safest browser in the Internet Explorer range.
Tags: Microsoft, Internet Explorer, IE, Security, Vulnerability, Security Advisory 981374





