Microsoft Readies Patch for Recently Uncovered, Actively Exploited IE Vulnerability
Article by George Norman
On 15 Mar 2010
On Tuesday, March 9, Microsoft rolled out two security bulletins that addressed a total of 8 security holes in the Windows operating system and Office productivity suite. On the same day, Microsoft announced it is aware of a new vulnerability that “exists due to an invalid pointer reference being used within Internet Explorer.” If a person with malicious intent were to exploit the vulnerability, said Microsoft at the time, then that attacker could perform remote code execution on the targeted machine.

The bad news surfaced just a few days after Microsoft announced this vulnerability – people with malicious intent were indeed actively exploiting it to infect Windows-powered computers with a Trojan. The upside is that the latest iteration of the Microsoft-developed browser, Internet Explorer 8 (IE8), is not affected. Only IE6 and IE7 are affected, so at least from a security point of view, you are well advised to upgrade.


When Microsoft uncovered this IE vulnerability, it released Security Advisory 981374 to provide its customers with guidance on how to stay protected. On Friday, March 12, that security advisory was updated to provide new workaround information.

“On Wednesday we added a workaround to the advisory that helps to mitigate the vulnerability by disabling the peer factory class through the modification of a registry key. With [Friday]’s update, we have added a Microsoft Fix It to automate this workaround for Windows XP and Windows Server 2003 customers,” said Jerry Bryant, Senior Security Communications Manager Lead with the MSRC (Microsoft Security Response Center).

Since the vulnerability is being actively exploited in the wild, it is believed that Microsoft will roll out an out-of-band patch. Jerry Bryant confirmed that an out-of-band patch remains a possibility.

“We have seen speculation that Microsoft might release an update for this issue out-of-band. I can tell you that we are working hard to produce an update which is now in testing. This is a critical and time intensive step of the process as the update must be tested against all affected versions of Internet Explorer on all supported versions of Windows. Additionally, each supported language version needs to be tested as well as testing against thousands of third party applications. We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs,” said Bryant.

To my mind, I think you should use this occasion to upgrade from IE6 and IE7 to IE8, the safest browser in the Internet Explorer range.

Tags: Microsoft, Internet Explorer, IE, Security, Vulnerability, Security Advisory 981374