Microsoft Releases Critical Internet Explorer Patch

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222400136

By Thomas Claburn
InformationWeek
January 21, 2010

Microsoft on Thursday released an out-of-band patch, MS10-002, to 
address eight vulnerabilities in Internet Explorer, a move prompted by 
the revelation last week that a series of cyber attacks from China on 
Google and some 33 other companies relied on a flaw in Microsoft's 
browser.

The eight vulnerabilities are rated "critical" in most cases and have an 
Exploitability Index rating of 1, meaning that exploit code is likely. 
In fact, proof-of-concept exploit code has already been reported and 
malicious exploit code is circulating online.

Microsoft is urging customers to install this update as soon as 
possible. The vulnerabilities affect Internet Explorer versions 5-8 and 
Windows 2000, XP, Vista, 7, Server 2003, and Server 2008. The company 
maintains that it has only seen limited and targeted attacks against 
Internet Explorer 6. But other security companies see broader risk 
affecting users of Internet Explorer 7 and 8.

Symantec on Wednesday said that it had detected a new exploit that 
attempts to leverage one of Internet Explorer's current vulnerabilities.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org