Microsoft to patch IE zero-day bug next week
Slates six updates for Patch Tuesday to fix critical flaws in Windows, IE, Office
Computerworld - Microsoft today said it will deliver six security updates on Tuesday, including one that will patch a vulnerability in Internet Explorer (IE) the company admitted only last week.
The updates will patch a total of 12 flaws in Windows, IE and Microsoft Office, the company said in a follow-up entry to its security response center's blog.
At the top of the patch list, even Microsoft's own, will be an update for IE 5.01, IE6, IE7 and IE8 that has been pegged as "critical," the firm's highest severity rating in its four-step scoring system.
The update will address an IE zero-day vulnerability that Microsoft confirmed Nov. 23 in a security advisory. "I want to point out that Internet Explorer 8 is not affected on any platform and that running Protected Mode in Internet Explorer 7 on Windows Vista mitigates this issue," said Jerry Bryant, a spokesman for the Microsoft Security Response Center (MSRC), in a blog post announcing the advisory last week.
Microsoft's advisory was its reaction to proof-of-concept attack code that had gone public several days before, when it was posted to the popular Bugtraq security mailing list. The sample code exploited a flaw in IE's layout parser, and could be used to hijack fully-patched Windows machines.
Next Tuesday's update, however, will quash bugs in all still-supported versions of IE, not just IE6 and IE7, a fact Microsoft confirmed today. "We want to make customers aware that we will be addressing the vulnerability discussed in Security Advisory 977981 in the IE bulletin on Tuesday," Bryant said in another blog post.
The advisory Bryant called out was the one Microsoft issued last week. "We know that customers are concerned about this issue and we are also aware that Proof of Concept (PoC) code is available publicly."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Taking Windows Mobile on Any Device Taking Windows applications mobile has many advantages, but the process of identifying a solution is complex. Learn how to solve this complex problem...
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Who's afraid of the big (data) bad wolf? Survive the big data storm by getting ahead of integration and governance functional requirements This paper provides a detailed review of the best practices clients should consider before embarking on their big data integration projects.
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Windows White Papers | Webcasts