Microsoft will ship an out-of-band security update toady for the zero-day Internet Explorer exploit discovered over the weekend by IT security advisor Eric Romang. The remote code execution vulnerability affects all versions of IE from IE 6 to IE 9 and is considered serious, as it could allow an attacker to launch arbitrary code using a specially crafted website designed to exploit the security flaw.
And we reported earlier this week, the presence of a working exploit released early in the week for Metasploit made it all the more serious. Metasploit is a widely-used penetration-testing suite that is popular with penetration testers and hackers. At that time, Microsoft (NASDAQ: MSFT) offered some mitigation tips, which were followed by a one-click "Fix it for me" automated workaround that does not require a system reboot.
Read more: Microsoft to ship permanent fix for IE Friday - FierceCIO:TechWatch http://www.fiercecio.com/techwatch/story/microsoft-ship-permanent-fix-ie-friday/2012-09-21?utm_medium=nl&utm_source=internal#ixzz27APkyTas
or the related article at
- http://www.zdnet.com/microsoft-to-ship-emergency-ie-patch-to-thwart-active-attacks-7000004577/
- http://www.pcworld.com/article/2010180/microsoft-offers-one-click-workaround-for-ie-vulnerability-permanent-fix-coming-friday.html
0 comments:
Post a Comment