dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
457
share rss forum feed


FF4m3

@rr.com

Every Single IE At Risk Of Drive-By Hacks

Every single Internet Explorer at risk of drive-by hacks until Patch Tuesday:

Microsoft has lined up a bumper Patch Tuesday this month to snap shut a backbreaking 57 security vulnerabilities in its products.

Five of the 12 software updates addressing the gaping holes will tackle critical flaws that allow miscreants to execute code remotely on vulnerable systems.

In all, the soon-to-be-patched vulnerabilities exist in the Windows operating system, Internet Explorer web browser, Microsoft Server Software, Microsoft Office and the .NET framework.

The Redmond giant normally bundles together fixes for Internet Explorer bugs into a single monthly update, but February's Patch Tuesday release will feature two bulletins both addressing critical IE vulnerabilities. All versions of IE from 6 to 10, including the ARM port running on Windows RT on the Surface tablet, will need patching.

A third critical update addresses a flaw in Windows XP, 2003 and Vista but not later versions of Microsoft's PC operating system. The fourth critical update covers Microsoft Exchange, which uses the vulnerable Outside In software library from Oracle. The fifth critical vulnerability only affects Windows XP.

The remaining seven bulletins are all rated as important and mostly allow logged-in users to elevate their privileges, with the exception of a Sharepoint-related update that is susceptible to code-injection attacks.

More details, as usual, will follow next week once the patches are published. Microsoft's pre-release alert is here. Further commentary by Qualys can be found here.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

2 recommendations

The Register will pimp any headline to get page reads, it's borderline embarassing.
Here's what under the hood for Tuesday.
»MS Security Bulletin Advance Notification - February 7, 2013