Microsoft issues fix to stop active attacks exploiting serious IE bug
Posted on: 09/18/2013 08:11 AM

Temporary "fix it" plugs remote execution hole being used in targeted attacks.    

Microsoft issues fix to stop active attacks exploiting serious IE bug


From ArsTechnica:
The Fix it plugs a hole in all supported versions of Internet Explorer, even though there are "only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9," Dustin Childs, a group manager for communications in Microsoft's Trustworthy Computing group, wrote in an advisory posted Tuesday morning. "This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type," he added.

In a separate advisory, Microsoft officials added: "The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website."



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/microsoft_issues_fix_to_stop_active_attacks_exploiting_serious_ie_bug.html)