Microsoft patches critical Internet Explorer flaw

05 January 2009

Microsoft has posted an emergency security patch for Internet Explorer after a critical zero-day flaw was discovered in the browser. Users have been advised to download the patch via Windows Automatic Updates.

A PC visiting a compromised site can be attacked by exploiting the IE hole (961051) along with several other security vulnerabilities. Symantec warned that if the user's PC is successfully exploited, the hacker drops various malicious code onto the exploited system, such as Downloader and Infostealer.Gamler.

Microsoft said the security hole was caused by an invalid pointer reference in Internet Explorer, which could enable a hacker to access memory on the PC that is used by the browser. This memory could be used to install a remote application. Microsoft said that if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The Microsoft Malware Protection Center blog reported that since the vulnerability went live, roughly 0.2% of users worldwide may have been exposed to websites containing exploits of the latest IE vulnerability. It warned, "That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: we saw an increase of over 50% in the number of reports today compared to yesterday." According to Symantec, users in Asia were most affected by the vulnerability.

The MS08-078 patch can be applied to versions of Internet Explorer from version 5.01 to Internet Explorer 8 Beta 2.

Microsoft urged users to apply this update after applying the most recent cumulative security update for Internet Explorer. The update, MS08-078, will be included in a future cumulative security update for Internet Explorer, it said.
