Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2996
Total: 2999









Author Topic: Emergency Microsoft Update Fixes IE Zero-day (download MS10-002)  (Read 5407 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Microsoft today released a rare patch outside of its normal monthly update cycle to fix an under-attack zero-day security hole in Internet Explorer.

The high-profile attacks against Google, Adobe and other companies took advantage of the invalid pointer reference flaw, which could allow an attack to be launched from a malicious Web site. According to Redmond's security advisory, "compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability": http://www.microsoft.com/technet/security/advisory/979352.mspx

The cumulative MS10-002 update also fixes other IE holes aside from that used in the Google attack, and is rated critical for all supported releases of Internet Explorer: http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx
The update will be distributed automaticaly via Windows Update.

While MS10-002 is essential across-the-board, only IE 6 has so far suffered attacks against the invalid pointer reference flaw. Microsoft says that protections such as Data Execution Protection for IE 8 and Protected Mode for IE on Vista and later Windows versions mitigate the threat. Also, "all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, removing the risk of an attacker being able to use this vulnerability to execute malicious code," according to the advisory.

These attention-grabbing attacks make clear that nobody should be using the badly vulnerable IE 6. If you're stuck using it at work because of an old, custom-made internal Web site or application, then your best bet may be to only use IE for that page or site, and use another browser such as Firefox for your everyday browsing.

(PCW)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023