News

Microsoft to issue emergency Internet Explorer update Friday

SearchSecurity.com Staff

Microsoft is addressing a dangerous Internet Explorer zero-day vulnerability, issuing a temporary workaround until it releases an emergency out-of-band update scheduled for Friday.

    Requires Free Membership to View

It will not affect your ability to browse the web, and it does not require a reboot of your computer.

Yunsun Wee, director of Trustworthy Computing, Microsoft

The software giant acknowledged that attackers are targeting a zero-day flaw in Internet Explorer 6, 7, 8 and 9.  It is urging users to apply an automated workaround or use the Enhanced Mitigation Experience Toolkit   to make it harder for attackers to target the zero-day flaw.

"It will not affect your ability to browse the web, and it does not require a reboot of your computer," Microsoft's Yunsun Wee, director of Trustworthy Computing, said in a blog entry updating users.

In its advance notification, Microsoft rated the Friday MS12-063 bulletin "critical," for users of Internet Explorer running on Windows XP, Vista, Windows 7 and "moderate" for the browser running on its Windows Server software.

Microsoft said an error in the way the browser accesses an object in memory that has been deleted or has not been properly allocated can cause memory corruption, enabling an attacker to execute malicious code. "An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," Microsoft said in its advisory.  

The zero-day flaw surfaced on Monday after researcher Eric Romang described the error in a blog post. Romang connected the flaw to the Nitro gang -- the same group that apparently used the recent Java zero-day in targeted attacks. The flaw could be exploited by malicious code embedded in user content or website advertisements on legitimate websites, Microsoft warned.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: