The Inquirer-Home

Microsoft will finally fix an Internet Explorer flaw from last year

Three critical patches
Fri Feb 04 2011, 12:13

SOFTWARE PATCH CODER Microsoft will fix 22 vulnerabilities in next week's Patch Tuesday security fixes, although not the Windows Internet Explorer zero-day vulnerability that was discovered recently.

Three of the 12 bulletins covering the 22 vulnerabilities are critical, and include updates to address vulnerabilities in Internet Explorer CSS and Windows thumbnail preview.

Insecurity firm Qualys said it has seen limited exploits for these on the wild, so the update is highly recommended. Lower rated flaws that will be patched include ones in the FTP service, Windows, Office and Visual Studio.

The Internet Explorer CSS issue was first discovered in December of last year, and affected several different browser versions, including Microsoft's newest Internet Explorer 8. Attackers could catch a victim with a bug on a booby-trapped webpage and take over the PC, either sticking in a bit of malware or stealing confidential information.

It is too soon for the latest Windows Internet Explorer zero-day vulnerability to be fixed, with a workaround regarded as the best bet for securing against that for now.

The company said, "Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability."

But of course, if Microsoft doesn't get a move on soon, that might change. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Dead electronic devices to be banned on US-bound flights

Will the new rules banning uncharged devices be effective?