Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42869
  • Total Topics: 16078
  • Online Today: 3148
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: Critical security patch for IE released, Win 7 RC affected (MS09-034, KB972260)  (Read 2930 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Microsoft has released an out of band security patch (MS09-034) to fix remote exploits in Internet Explorer: http://www.microsoft.com/technet/security/bulletin/MS09-034.mspx

This security update is rated Critical for the following versions of Internet Explorer:


    * Internet Explorer 5.01, running on supported editions of Microsoft Windows 2000
    * Internet Explorer 6 SP1, running on supported editions of Microsoft Windows 2000 and Windows XP
    * Internet Explorer 7, running on supported edititions of Windows XP and Vista
    * Internet Explorer 8, running on supported editions of Windows XP and Vista
    * Internet Explorer 8, running on Windows 7 Release Candidate (build 7100)


This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory and table operations.

The security update impacts ATL components and controls (like ActiveX controls, for example). Microsoft is advising developers who have built controls using vulnerable versions of ATL, to take immediate action to review and identify any vulnerabilities, modify and recompile their affected controls and components using the updated versions of ATL and finally distribute a non-vulnerable version of the controls and components to their customers.

Information for both of these exploits is available at CVE-2009-1918: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1918 and CVE-2009-1919: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1919

Internet Explorer 8 for Windows 7 RTM is unaffected by this bulletin as according to a Microsoft spokesperson the IE defense-in-depth mechanism is already built into Windows 7 RTM. Windows 7 Release Candidate (build 7100) is affected and a patch KB972260 will be distributed: http://support.microsoft.com/kb/972260
Patches for 2000, XP and Vista will be distributed by Windows Update shortly.

(NeoWin)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising