The Broadband Guide
SG
search advanced

Microsoft to patch IE zero-day flaw today

2013-01-14 09:46 by

 

Microsoft will fix a zero-day hole in IE today almost a week after this month's regular Patch Tuesday updates. Discovered in December, the flaw lies in how "Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," according to the software giant.

"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site."

Several websites have already been compromised to spread malware exploits based on the vulnerability in IE 6,7 and 8. Users could safeguard themselves by either updating to IE 9 and 10 or using an alternative browser. Microsoft published a temporary FixIt tool to protect against this vulnerability but security researchers found this defence was far from bullet-proof.

The software patch will be made available through Windows Update and other, usual distribution channels, later today. However, if users already applied the "Fix It" tool released in Security Advisory 2794220, it is not necessary to uninstall the patch before applying the security update, the company said.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About