Microsoft patches critical Internet Explorer vulnerability


Microsoft has a critical vulnerability in Internet Explorer that is already being actively exploited to attack, closed yesterday Friday night with an emergency update. The gap is in the IE versions 6 to 9 and causes an attacker to infect your system when you visit a specially crafted Web page with malicious code. The weakness has been known since last Monday since Tuesday circulated a suitable Metasploit module.

On this occasion, Microsoft has also closed four other gaps similar nature reported to the company claims to be confidential by security experts and have not been used to attack. According to the CVE numbers, the four vulnerabilities were reported well before the announcement of the gap from Monday.

When the gaps are so-called use-after-free error, so the access to a previously shared space. The result is that the IE shellcode executes the attacker has been placed in the memory.

According to Microsoft, the patch is distributed now through Windows Update. Who has enabled the automatic update feature of Windows has, so do nothing. All others can download the appropriate patch to the operating system manually.

In addition, the company has done something for the early adopters of Windows 8, the record in bringing integrated into the IE 10 Flash player to the latest version. The update fixes a bug that allowed files by manipulating fonts software into. Microsoft is the new IE gone over to the Flash plug-in tightly integrated into the browser. Updates should theoretically reach users faster and more reliable, because the browser. Themselves automatically downloads and installs.

No comments:

Post a Comment