 |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |
Microsoft Will Issue Out-of-Band Aurora Patch for IE 6
Microsoft will release a patch for Internet Explorer 6 on Thursday morning that addresses the so-called Aurora exploit used in the China-based cyberattacks against Google and other companies.
“Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves, and the escalating threat environment, Microsoft will release a security update out of band for this vulnerability,” Microsoft’s George Stathakopoulos said Wednesday.
“We take the decision to go out of band very seriously, given the impact to customers, but we believe releasing an out-of-band update is the right decision at this time,” he added. “We will provide the specific timing of the release tomorrow.”
Vulnerability Not Limited to IE 6
In an updated security advisory, Microsoft said IE 6, IE 7, and IE 8 running on Windows XP, Server 2003, Vista, Server 2008, Windows 7, and Server 2008 R2 are all vulnerable. IE 5.01 SP 4 on Windows 2000 SP 4 is not affected.
The company offered this technical explanation of the vulnerability: “It is possible under certain conditions for (an) invalid pointer (in the browser) to be accessed after an object is deleted. In a specially-crafted (sic) attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”
Microsoft said the only attacks seen so far target IE 6. “We have not seen attacks against other versions of Internet Explorer,” the advisory said.
The software giant said it is “actively working” with partners in the Active Protection Program and Security Response Alliance to “provide information that they can use to provide broader protections to customers.” Microsoft and its partners will continue to “monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability,” the company said.
Forceful Response
The good news is that attackers have to convince users…
source : www.newsfactor.com
Related News:
- “Sex and the City 2,” Will Samantha Get Married?
- Adam Lambert Predicts Crystal Bowersox Will Win ‘American Idol’
- Hulu Rejects Apple’s Stand, Will Use Flash Over HTML5
- Mules will help in radiation survey at LA-area lab
- Will Net neutrality drive up Internet access prices? (Christopher Null)
- SAP Will Buy Sybase; Does It Mean a Shift in Strategy?
- Notebook Makers Will Use AMD’s New Vision Chips
- Will Apple Form a Chip Partnership with AMD?
- iPad Will Force Netbook, E-reader Makers to Evolve or Die (LiveScience.com)
- iTunes Competitor Lala Will Be Shut Down by Apple
Details :
Submited at Wednesday, January 20th, 2010 at 8:00 pm on tech by jessica
Comment RSS 2.0 - leave a comment - trackback